exploitDog

CVE-2022-46408

Опубликовано: 29 июн. 2023

Источник: nvd

CVSS3: 6.8

EPSS Низкий

Описание

Ericsson Network Manager (ENM), versions prior to 22.1, contains a vulnerability in the application Network Connectivity Manager (NCM) where improper Neutralization of Formula Elements in a CSV File can lead to remote code execution or data leakage via maliciously injected hyperlinks. The attacker would need admin/elevated access to exploit the vulnerability.

Ссылки

https://www.gruppotim.it/it/footer/red-team.html
Third Party Advisory
https://www.gruppotim.it/it/footer/red-team.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ericsson:network_manager:*:*:*:*:*:*:*:*

Версия до 22.1 (исключая)

EPSS

Процентиль: 78%

0.0111

Низкий

6.8 Medium

CVSS3

Дефекты

CWE-1236

Связанные уязвимости

GHSA-7983-xrcc-744g

CVSS3: 6.8

github

больше 2 лет назад

Ericsson Network Manager (ENM), versions prior to 22.1, contains a vulnerability in the application Network Connectivity Manager (NCM) where improper Neutralization of Formula Elements in a CSV File can lead to remote code execution or data leakage via maliciously injected hyperlinks. The attacker would need admin/elevated access to exploit the vulnerability.

EPSS

Процентиль: 78%

0.0111

Низкий

6.8 Medium

CVSS3

Дефекты

CWE-1236