CVE-2021-28485

Опубликовано: 14 сент. 2023

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

In Ericsson Mobile Switching Center Server (MSC-S) before IS 3.1 CP22, the SIS web application allows relative path traversal via a specific parameter in the https request after authentication, which allows access to files on the system that are not intended to be accessible via the web application.

Ссылки

https://www.ericsson.com/en/about-us/security/psirt
Vendor Advisory
https://www.gruppotim.it/it/footer/red-team.html
Third Party Advisory
https://www.ericsson.com/en/about-us/security/psirt
Vendor Advisory
https://www.gruppotim.it/it/footer/red-team.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:ericsson:mobile_switching_center_server_bc_18a_firmware:*:*:*:*:*:*:*:*

Версия от is_3.1 (включая) до is_3.1_cp22 (исключая)

cpe:2.3:h:ericsson:mobile_switching_center_server_bc_18a:-:*:*:*:*:*:*:*

EPSS

Процентиль: 64%

0.00474

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-r68w-x838-c65m

CVSS3: 6.5

github

больше 2 лет назад

Ericsson Mobile Switching Center Server (MSC-S) BC 18A and IS 3.1 releases before IS 3.1 CP22 allows Directory Traversal.