exploitDog

CVE-2022-28863

Опубликовано: 24 июл. 2023

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

An issue was discovered in Nokia NetAct 22. A remote user, authenticated to the website, can visit the Site Configuration Tool section and arbitrarily upload potentially dangerous files without restrictions via the /netact/sct dir parameter in conjunction with the operation=upload value.

Ссылки

https://www.gruppotim.it/it/footer/red-team.html
Exploit
Third Party Advisory
https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html
Not Applicable
https://www.gruppotim.it/it/footer/red-team.html
Exploit
Third Party Advisory
https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html
Not Applicable

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nokia:netact:22.0.0.62:*:*:*:*:*:*:*

EPSS

Процентиль: 45%

0.0023

Низкий

8.8 High

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-wrgm-rq8f-75r7

CVSS3: 8.8

github

больше 2 лет назад

An issue was discovered in Nokia NetAct 22. A remote user, authenticated to the website, can visit the Site Configuration Tool section and arbitrarily upload potentially dangerous files without restrictions via the /netact/sct dir parameter in conjunction with the operation=upload value.

EPSS

Процентиль: 45%

0.0023

Низкий

8.8 High

CVSS3

Дефекты

CWE-434