← Zuruck zu CVEs
CVE-2024-25007
HIGH7.1
Beschreibung
Ericsson Network Manager (ENM), versions prior to 23.1, contains a vulnerability in the export function of application log where Improper Neutralization of Formula Elements in a CSV File can lead to code execution or information disclosure. There is limited impact to integrity and availability. The attacker on the adjacent network with administration access can exploit the vulnerability.
CVE Details
CVSS v3.1 Bewertung7.1
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L
AngriffsvektorADJACENT_NETWORK
KomplexitatLOW
Erforderliche PrivilegienHIGH
BenutzerinteraktionREQUIRED
Veroffentlicht4/4/2024
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
ericsson:network_manager
Schwachen (CWE)
CWE-1236CWE-1236
Referenzen
https://www.ericsson.com/en/about-us/security/psirt/security-bulletin--ericsson-network-manager-march-2024(85b1779b-6ecd-4f52-bcc5-73eac4659dcf)
https://www.ericsson.com/en/about-us/security/psirt/security-bulletin--ericsson-network-manager-march-2024(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.