Page 4 of 116 results (0.003 seconds)

CVSS: 8.1EPSS: 0%CPEs: 12EXPL: 0

If Security Hardening guide rules are not followed, then Nokia WaveLite products allow a local user to create new users with administrative privileges by manipulating a web request. This affects (for example) WaveLite Metro 200 and Fan, WaveLite Metro 200 OPS and Fans, WaveLite Metro 200 and F2B fans, WaveLite Metro 200 OPS and F2B fans, WaveLite Metro 200 NE and F2B fans, and WaveLite Metro 200 NE OPS and F2B fans. Si no se siguen las reglas de la guía de refuerzo de seguridad, los productos Nokia WaveLite permiten a un usuario local crear nuevos usuarios con privilegios administrativos mediante la manipulación de una solicitud web. Esto afecta (por ejemplo) a: WaveLite Metro 200 and Fan, WaveLite Metro 200 OPS and Fans, WaveLite Metro 200 and F2B fans, WaveLite Metro 200 OPS and F2B fans, WaveLite Metro 200 NE and F2B fans, y WaveLite Metro 200 NE OPS and F2B fans. • https://nokia.com https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-22618 • CWE-284: Improper Access Control •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

An issue was discovered in NOKIA AMS 9.7.05. Remote Code Execution exists via the debugger of the ipAddress variable. A remote user, authenticated to the AMS server, could inject code in the PING function. The privileges of the command executed depend on the user that runs the service. Se ha descubierto un problema en NOKIA AMS v9.7.05. • https://www.gruppotim.it/it/footer/red-team.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1

Nokia Service Router Operating System (SR OS) 22.10 and SR Linux, when error-handling update-fault-tolerance is not enabled, mishandle BGP path attributes. • https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling https://news.ycombinator.com/item?id=37305800 https://www.nokia.com/networks/technologies/service-router-operating-system • CWE-670: Always-Incorrect Control Flow Implementation •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

An issue was discovered in Nokia NetAct 22. A remote user, authenticated to the website, can visit the Site Configuration Tool section and arbitrarily upload potentially dangerous files without restrictions via the /netact/sct dir parameter in conjunction with the operation=upload value. • https://www.gruppotim.it/it/footer/red-team.html https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include malicious code, which is then downloaded as a .csv or .xlsx file and executed on a victim machine. Here, the /aom/html/EditTemplate.jsf and /aom/html/ViewAllTemplatesPage.jsf templateName parameter is used. • https://www.gruppotim.it/it/footer/red-team.html https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •