exploitDog

GHSA-37p6-x4xg-m25g

Опубликовано: 14 сент. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occur in /CGI-BIN/OTNE_1-14/runBatch.cgi via the file HTTP POST parameter, /CGI-BIN/OTNE_1-14/getRadioTLs.cgi via the context HTTP POST parameter, /CGI-BIN/OTNE_1-14/runRouteReport.cgi via the file HTTP POST parameter or /CGI-BIN/RemoteCommandManager.cgi via the command HTTP POST parameter.

In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occur in /CGI-BIN/OTNE_1-14/runBatch.cgi via the file HTTP POST parameter, /CGI-BIN/OTNE_1-14/getRadioTLs.cgi via the context HTTP POST parameter, /CGI-BIN/OTNE_1-14/runRouteReport.cgi via the file HTTP POST parameter or /CGI-BIN/RemoteCommandManager.cgi via the command HTTP POST parameter.

Ссылки

EPSS

Процентиль: 94%

0.13489

Средний

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-78

Связанные уязвимости

CVE-2022-39815

CVSS3: 9.8

nvd

больше 3 лет назад

In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occurs. This vulnerability allow unauthenticated users to execute commands on the operating system.

EPSS

Процентиль: 94%

0.13489

Средний

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-78