CVE-2022-41763

HIGH

NOKIA AMS 9.7.05 - Authenticated Remote Code Execution via PING Function Debugger

Title source: llm
STIX 2.1

Description

An issue was discovered in NOKIA AMS 9.7.05. Remote Code Execution exists via the debugger of the ipAddress variable. A remote user, authenticated to the AMS server, could inject code in the PING function. The privileges of the command executed depend on the user that runs the service.

References (1)

Core 1
Core References
Exploit, Third Party Advisory
https://www.gruppotim.it/it/footer/red-team.html

Scores

CVSS v3 8.8
EPSS 0.0121
EPSS Percentile 64.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-94
Status published
Products (1)
nokia/access_management_system 9.7.05
Published Sep 05, 2023
Tracked Since Feb 18, 2026