Vulnerability in Export Function of Application Log Could Lead to Code Execution or Information Disclosure
CVE-2024-25007

7.1 HIGH

Key Information:

Vendor: Ericsson
Status: Ericsson Network Manager
CVE Published: 4 April 2024

Summary

Ericsson Network Manager versions prior to 23.1 have a security vulnerability affecting the export function of application logs. This vulnerability arises from the improper neutralization of formula elements within CSV files, which could allow an attacker on an adjacent network with administrative access to exploit it. Exploitation may lead to unauthorized code execution or potential information disclosure, posing risks to the security and integrity of the system.
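The weakness class named in the summary, improper neutralization of formula elements in a CSV file, is handled at export time by making sure no cell can be read by a spreadsheet as a formula. The following is an added example, not Ericsson's code or fix; the function names, field names and sample log records are constructed for illustration.

```python
import csv
import io

# Leading characters a spreadsheet application may interpret as starting a formula.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def neutralize_cell(value):
    """Return the cell as text that a spreadsheet will not evaluate."""
    text = "" if value is None else str(value)
    # Prefixing a single quote makes the spreadsheet treat the cell as a literal.
    # Trade-off: values such as "-5" are also prefixed, which is acceptable
    # for free-text log fields.
    if text.startswith(FORMULA_TRIGGERS):
        return "'" + text
    return text


def export_log_csv(entries, fieldnames):
    """Serialize log records (dicts) to CSV with every cell neutralized."""
    buf = io.StringIO()
    # QUOTE_ALL keeps embedded commas, quotes and newlines inside one cell,
    # so attacker-influenced text cannot start a new cell.
    writer = csv.DictWriter(buf, fieldnames=fieldnames, quoting=csv.QUOTE_ALL)
    writer.writeheader()
    for entry in entries:
        writer.writerow({k: neutralize_cell(entry.get(k)) for k in fieldnames})
    return buf.getvalue()


# Constructed sample records; the second carries a formula-like message.
FIELDS = ["timestamp", "user", "message"]
SAMPLE_LOG = [
    {"timestamp": "2024-04-04T10:00:00Z", "user": "operator1", "message": "Login ok"},
    {"timestamp": "2024-04-04T10:01:00Z", "user": "operator2", "message": "=1+1"},
    {"timestamp": "2024-04-04T10:02:00Z", "user": "operator3", "message": 'a,"b"'},
]

if __name__ == "__main__":
    print(export_log_csv(SAMPLE_LOG, FIELDS))
```
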

Affected Version(s)

Ericsson Network Manager: versions before 23.1

News Articles

TIM Red Team Research discovers a CSV Injection bug in Ericsson Network Manager (ENM)

TIM's bug research laboratory, the Red Team Research, finds a bug in the Ericsson Network Manager (ENM) product, and Ericsson issues a bulletin.

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed

Timeline

  • First article discovered by Red Hot Cyber

  • Vulnerability published

Credit

Ericsson thanks Luca Borzacchiello, Andrea Carlo Maria Dattola, Massimiliano Ferraresi, Massimiliano Brolli of TIM Security Red Team Research, TIM S.p.A. for reporting this issue.