CVE-2021-32570
MEDIUM
Ericsson Network Manager < 21.2 - Log Information Exposure
Title source: ruleDescription
In Ericsson Network Manager (ENM) releases before 21.2, users belonging to the same AMOS authorization group can retrieve the data from certain log files. All AMOS users are considered to be highly privileged users in the ENM system, and all must be previously defined and authorized by the Security Administrator. Those users can access some log files under a common path and read the information stored in them in order to conduct privilege escalation.
References (2)
Core References
Vendor Advisory x_refsource_misc
https://www.ericsson.com
Third Party Advisory x_refsource_misc
https://www.gruppotim.it/it/footer/red-team.html
Scores
CVSS v3
4.9
EPSS
0.0020
EPSS Percentile
42.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-532
Status
published
Products (1)
ericsson/network_manager
< 21.2
Published
Aug 26, 2022
Tracked Since
Feb 18, 2026