CVE-2022-39820

MEDIUM

Nokia Network Functions Manager For T... - Insufficiently Protected Credentials

Title source: rule

Description

In Network Element Manager in NOKIA NFM-T R19.9, an Unprotected Storage of Credentials vulnerability occurs under /root/RestUploadManager.xml.DRC and /DEPOT/KECustom_199/OTNE_DRC/RestUploadManager.xml. A remote user, authenticated to the operating system, with access privileges to the directory /root or /DEPOT, is able to read cleartext credentials to access the web portal NFM-T and control all the PPS Network elements.

References (1)

[Exploit, Third Party Advisory] https://www.gruppotim.it/it/footer/red-team.html

Scores

CVSS v3 6.5

EPSS 0.0007

EPSS Percentile 21.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-522

Status published

Affected Products (1)

nokia/network_functions_manager_for_transport

Timeline

Published Dec 25, 2023

Tracked Since Feb 18, 2026