An issue was discovered in NOKIA NFM-T R19.9. An Absolute Path Traversal vulnerability exists under /cgi-bin/R19.9/viewlog.pl of the VM Manager WebUI via the logfile parameter, allowing a remote authenticated attacker to read arbitrary files.
References
Link | Resource |
---|---|
https://www.gruppotim.it/it/footer/red-team.html | Exploit Third Party Advisory |
https://www.gruppotim.it/it/footer/red-team.html | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 07:23
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.gruppotim.it/it/footer/red-team.html - Exploit, Third Party Advisory |
03 Jan 2024, 21:01
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.gruppotim.it/it/footer/red-team.html - Exploit, Third Party Advisory | |
CPE | cpe:2.3:a:nokia:network_functions_manager_for_transport:19.9:*:*:*:*:*:*:* | |
First Time |
Nokia network Functions Manager For Transport
Nokia |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
CWE | CWE-22 |
25 Dec 2023, 06:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-25 06:15
Updated : 2024-11-21 07:23
NVD link : CVE-2022-41761
Mitre link : CVE-2022-41761
CVE.ORG link : CVE-2022-41761
JSON object : View
Products Affected
nokia
- network_functions_manager_for_transport
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')