← Voltar para CVEs
CVE-2024-25007
HIGH7.1
Descricao
Ericsson Network Manager (ENM), versions prior to 23.1, contains a vulnerability in the export function of application log where Improper Neutralization of Formula Elements in a CSV File can lead to code execution or information disclosure. There is limited impact to integrity and availability. The attacker on the adjacent network with administration access can exploit the vulnerability.
Detalhes CVE
Pontuacao CVSS v3.17.1
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L
Vetor de ataqueADJACENT_NETWORK
ComplexidadeLOW
Privilegios necessariosHIGH
Interacao do usuarioREQUIRED
Publicado4/4/2024
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
ericsson:network_manager
Fraquezas (CWE)
CWE-1236CWE-1236
Referencias
https://www.ericsson.com/en/about-us/security/psirt/security-bulletin--ericsson-network-manager-march-2024(85b1779b-6ecd-4f52-bcc5-73eac4659dcf)
https://www.ericsson.com/en/about-us/security/psirt/security-bulletin--ericsson-network-manager-march-2024(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.