CVE-2022-46408

MEDIUM

Ericsson Network Manager <22.1 - RCE

Title source: llm

Description

Ericsson Network Manager (ENM), versions prior to 22.1, contains a vulnerability in the application Network Connectivity Manager (NCM) where improper Neutralization of Formula Elements in a CSV File can lead to remote code execution or data leakage via maliciously injected hyperlinks. The attacker would need admin/elevated access to exploit the vulnerability.

References (1)

[Third Party Advisory] https://www.gruppotim.it/it/footer/red-team.html

Scores

CVSS v3 6.8

EPSS 0.0149

EPSS Percentile 81.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-1236

Status published

Products (1)

ericsson/network_manager < 22.1

Published Jun 29, 2023

Tracked Since Feb 18, 2026