CVE-2022-35503

Improper verification of a user input in Open Source MANO v7-v12 allows an authenticated attacker to execute arbitrary code within the LCM module container via a Virtual Network Function (VNF) descriptor. An attacker may be able to execute code to change the normal execution of the OSM components, retrieve confidential information, or gain access to parts of a Telco Operator infrastructure other than OSM itself.

Configurations

No configuration.

History

21 Nov 2024, 07:11

Type Values Removed Values Added
References () https://osm.etsi.org/ - () https://osm.etsi.org/ -
References () https://osm.etsi.org/news-events/blog/83-cve-2022-35503-disclosure - () https://osm.etsi.org/news-events/blog/83-cve-2022-35503-disclosure -

03 Jul 2024, 01:38

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
CWE CWE-286
CWE-77

02 May 2024, 16:15

Type Values Removed Values Added
References
  • {'url': 'http://osm.com', 'source': 'cve@mitre.org'}

02 May 2024, 14:15

Type Values Removed Values Added
Summary
  • (es) Inadequate verification of a user input in Open Source MANO v7-v12 allows an authenticated attacker to execute arbitrary code within the LCM module container via a Virtual Network Function (VNF) descriptor. An attacker can execute code to change the normal execution of the OSM components, retrieve confidential information, or gain access to parts of a telecommunications operator's infrastructure other than OSM itself.
References
  • () https://osm.etsi.org/ -

22 Apr 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-04-22 15:15

Updated : 2024-11-21 07:11


NVD link : CVE-2022-35503

Mitre link : CVE-2022-35503

CVE.ORG link : CVE-2022-35503


Products Affected

No product.

CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-286

Incorrect User Management