
CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Ericsson Packet Core Controller (PCC) contains a vulnerability in Access and Mobility Management Function (AMF) where improper input validation can lead to denial of service which may result in service degradation. • https://www.ericsson.com/en/about-us/security/psirt/security-bulletin-ericsson-packet-core-controller-pcc-august-2024 • CWE-20: Improper Input Validation

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Zip files uploaded to the server endpoint of `CodeChecker store` are not properly sanitized. An attacker, using a path traversal attack, can load and display files on the machine of `CodeChecker server`. The vulnerable endpoint is `/Default/v6.53/CodeCheckerService@massStoreRun`. The path traversal vulnerability allows reading data on the machine of the `CodeChecker server`, with the same permission level as the `CodeChecker server`. The attack requires a user account on the `CodeChecker server`, with permission to store to a server, and view the stored report. • https://github.com/Ericsson/codechecker/commit/46bada41e32f3ba0f6011d5c556b579f6dddf07a • https://github.com/Ericsson/codechecker/security/advisories/GHSA-h26w-r4m5-8rrf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

Ericsson Network Manager (ENM), versions prior to 23.1, contains a vulnerability in the export function of the application log where Improper Neutralization of Formula Elements in a CSV File can lead to code execution or information disclosure. There is limited impact to integrity and availability. An attacker on the adjacent network with administration access can exploit the vulnerability. • https://www.ericsson.com/en/about-us/security/psirt/security-bulletin--ericsson-network-manager-march-2024 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Ericsson Network Manager before 23.2 mishandles Access Control and thus unauthenticated low-privilege users can access the NCM application. • https://www.gruppotim.it/it/footer/red-team.html

CVSS: 8.8 | EPSS: 0% | CPEs: 2 | EXPL: 0

An issue was discovered in Ericsson Evolved Packet Gateway (EPG) versions 3.x before 3.25 and 2.x before 2.16 that allows authenticated users to bypass the system CLI and execute commands they are authorized to execute directly in the UNIX shell. • https://www.gruppotim.it/it/footer/red-team.html