CVE-2023-6729 – Nokia SR OS: File Access Security Vulnerability
https://notcve.org/view.php?id=CVE-2023-6729
Nokia SR OS routers allow read-write access to the entire file system via SFTP or SCP for users configured with "access console." Consequently, a low privilege authenticated user with "access console" can read or replace the router configuration file as well as other files stored in the Compact Flash or SD card without using CLI commands. This type of attack can lead to a compromise or denial of service of the router after the system is rebooted. • https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-6729 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2023-6728 – Nokia SR OS: BOF File Encryption Vulnerability
https://notcve.org/view.php?id=CVE-2023-6728
Nokia SR OS bof.cfg file encryption is vulnerable to a brute force attack. This weakness allows an attacker in possession of the encrypted file to decrypt the bof.cfg file and obtain the BOF configuration content. • https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-6728 • CWE-326: Inadequate Encryption Strength •
CVE-2022-43675
https://notcve.org/view.php?id=CVE-2022-43675
An issue was discovered in NOKIA NFM-T R19.9. Reflected XSS in the Network Element Manager exists via /oms1350/pages/otn/cpbLogDisplay via the filename parameter, under /oms1350/pages/otn/connection/E2ERoutingDisplayWithOverLay via the id parameter, and under /oms1350/pages/otn/mainOtn via all parameters. Se descubrió un problema en NOKIA NFM-T R19.9. El XSS reflejado en Network Element Manager existe a través de /oms1350/pages/otn/cpbLogDisplay a través del parámetro filename, en /oms1350/pages/otn/connection/E2ERoutingDisplayWithOverLay a través del parámetro id y en /oms1350/pages/otn/mainOtn a través de todos los parámetros. • https://www.gruppotim.it/redteam • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-39822
https://notcve.org/view.php?id=CVE-2022-39822
In NOKIA NFM-T R19.9, a SQL Injection vulnerability occurs in /cgi-bin/R19.9/easy1350.pl of the VM Manager WebUI via the id or host HTTP GET parameter. An authenticated attacker is required for exploitation. En NOKIA NFM-T R19.9, se produce una vulnerabilidad de inyección SQL en /cgi-bin/R19.9/easy1350.pl de la interfaz web de VM Manager a través del parámetro GET HTTP id o host. Se requiere un atacante autenticado para la explotación. • https://www.gruppotim.it/it/footer/red-team.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-39820
https://notcve.org/view.php?id=CVE-2022-39820
In Network Element Manager in NOKIA NFM-T R19.9, an Unprotected Storage of Credentials vulnerability occurs under /root/RestUploadManager.xml.DRC and /DEPOT/KECustom_199/OTNE_DRC/RestUploadManager.xml. A remote user, authenticated to the operating system, with access privileges to the directory /root or /DEPOT, is able to read cleartext credentials to access the web portal NFM-T and control all the PPS Network elements. En Network Element Manager en NOKIA NFM-T R19.9, se produce una vulnerabilidad de almacenamiento de credenciales desprotegidas en /root/RestUploadManager.xml.DRC y /DEPOT/KECustom_199/OTNE_DRC/RestUploadManager.xml. Un usuario remoto, autenticado en el sistema operativo, con privilegios de acceso al directorio /root o /DEPOT, puede leer credenciales en texto plano para acceder al portal web NFM-T y controlar todos los elementos de la red PPS. • https://www.gruppotim.it/it/footer/red-team.html • CWE-522: Insufficiently Protected Credentials •