CVE-2021-32571

Severity Score

4.9

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In OSS-RC systems of the release 18B and older during data migration procedures certain files containing usernames and passwords are left in the system undeleted but in folders accessible by top privileged accounts only. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Ericsson Network Manager is a new generation OSS system which OSS-RC customers shall upgrade to

En los sistemas OSS-RC de la versión 18B y anteriores, durante los procedimientos de migración de datos, determinados archivos que contienen nombres de usuario y contraseñas se dejan en el sistema sin borrar, pero en carpetas a las que sólo pueden acceder las cuentas con mayores privilegios. NOTA: Esta vulnerabilidad sólo afecta a los productos que ya no son soportados por el mantenedor. Ericsson Network Manager es un sistema OSS de nueva generación al que los clientes de OSS-RC deberán actualizarse

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-05-11 CVE Reserved
2021-10-14 CVE Published
2023-05-07 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-459: Incomplete Cleanup

CAPEC

References (1)

URL	Tag	Source
https://www.gruppotim.it/it/innovazione/servizi-digitali/cybersecurity/red-team.html	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Ericsson Search vendor "Ericsson"	Operations Support System-radio And Core Firmware Search vendor "Ericsson" for product "Operations Support System-radio And Core Firmware"	<= 18b Search vendor "Ericsson" for product "Operations Support System-radio And Core Firmware" and version " <= 18b"	-	Affected	in	Ericsson Search vendor "Ericsson"	Operations Support System-radio And Core Search vendor "Ericsson" for product "Operations Support System-radio And Core"	-	-	Safe

* End Of Life in some or all products. Do not expect updates.