← Back to CVEs
CVE-2024-25007
HIGH7.1
Description
Ericsson Network Manager (ENM), versions prior to 23.1, contains a vulnerability in the export function of application log where Improper Neutralization of Formula Elements in a CSV File can lead to code execution or information disclosure. There is limited impact to integrity and availability. The attacker on the adjacent network with administration access can exploit the vulnerability.
CVE Details
CVSS v3.1 Score7.1
SeverityHIGH
CVSS VectorCVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L
Attack VectorADJACENT_NETWORK
ComplexityLOW
Privileges RequiredHIGH
User InteractionREQUIRED
Published4/4/2024
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
ericsson:network_manager
Weaknesses (CWE)
CWE-1236CWE-1236
References
https://www.ericsson.com/en/about-us/security/psirt/security-bulletin--ericsson-network-manager-march-2024(85b1779b-6ecd-4f52-bcc5-73eac4659dcf)
https://www.ericsson.com/en/about-us/security/psirt/security-bulletin--ericsson-network-manager-march-2024(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.