Skip to content

Commit

Permalink
Auto-Update: 2024-01-03T23:00:25.423840+00:00
Browse files Browse the repository at this point in the history
  • Loading branch information
@cad-safe-bot
cad-safe-bot committed Jan 3, 2024
1 parent 9dbc8a9 commit a230b6b
Show file tree
Hide file tree
Showing 25 changed files with 1,460 additions and 122 deletions.
64 changes: 60 additions & 4 deletions CVE-2022/CVE-2022-398xx/CVE-2022-39818.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,8 @@
"id": "CVE-2022-39818",
"sourceIdentifier": "[email protected]",
"published": "2023-12-25T06:15:07.880",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T21:01:51.820",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
Expand All @@ -14,11 +14,67 @@
"value": "En NOKIA NFM-T R19.9, se produce una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en /cgi-bin/R19.9/log.pl de la interfaz web de VM Manager a trav\u00e9s del par\u00e1metro cmd HTTP GET. Esto permite a los usuarios autenticados ejecutar comandos, con privilegios de root, en el sistema operativo."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "[email protected]",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "[email protected]",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nokia:network_functions_manager_for_transport:19.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EE1A66D4-19DC-4734-B3C4-5775FB1B1A2D"
}
]
}
]
}
],
"references": [
{
"url": "https://www.gruppotim.it/it/footer/red-team.html",
"source": "[email protected]"
"source": "[email protected]",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
64 changes: 60 additions & 4 deletions CVE-2022/CVE-2022-398xx/CVE-2022-39820.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,8 @@
"id": "CVE-2022-39820",
"sourceIdentifier": "[email protected]",
"published": "2023-12-25T06:15:08.013",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T21:01:40.990",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
Expand All @@ -14,11 +14,67 @@
"value": "En Network Element Manager en NOKIA NFM-T R19.9, se produce una vulnerabilidad de almacenamiento de credenciales desprotegidas en /root/RestUploadManager.xml.DRC y /DEPOT/KECustom_199/OTNE_DRC/RestUploadManager.xml. Un usuario remoto, autenticado en el sistema operativo, con privilegios de acceso al directorio /root o /DEPOT, puede leer credenciales en texto plano para acceder al portal web NFM-T y controlar todos los elementos de la red PPS."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "[email protected]",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "[email protected]",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nokia:network_functions_manager_for_transport:19.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EE1A66D4-19DC-4734-B3C4-5775FB1B1A2D"
}
]
}
]
}
],
"references": [
{
"url": "https://www.gruppotim.it/it/footer/red-team.html",
"source": "[email protected]"
"source": "[email protected]",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
64 changes: 60 additions & 4 deletions CVE-2022/CVE-2022-398xx/CVE-2022-39822.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,8 @@
"id": "CVE-2022-39822",
"sourceIdentifier": "[email protected]",
"published": "2023-12-25T06:15:08.060",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T21:01:25.960",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
Expand All @@ -14,11 +14,67 @@
"value": "En NOKIA NFM-T R19.9, se produce una vulnerabilidad de inyecci\u00f3n SQL en /cgi-bin/R19.9/easy1350.pl de la interfaz web de VM Manager a trav\u00e9s del par\u00e1metro GET HTTP id o host. Se requiere un atacante autenticado para la explotaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "[email protected]",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "[email protected]",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nokia:network_functions_manager_for_transport:19.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EE1A66D4-19DC-4734-B3C4-5775FB1B1A2D"
}
]
}
]
}
],
"references": [
{
"url": "https://www.gruppotim.it/it/footer/red-team.html",
"source": "[email protected]"
"source": "[email protected]",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
64 changes: 60 additions & 4 deletions CVE-2022/CVE-2022-417xx/CVE-2022-41760.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,8 @@
"id": "CVE-2022-41760",
"sourceIdentifier": "[email protected]",
"published": "2023-12-25T06:15:08.110",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T21:01:14.330",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
Expand All @@ -14,11 +14,67 @@
"value": "Se descubri\u00f3 un problema en NOKIA NFM-T R19.9. El Path Traversal relativo puede ocurrir en /oms1350/data/cpb/log de Network Element Manager a trav\u00e9s del par\u00e1metro filename, lo que permite a un atacante remoto autenticado leer archivos arbitrarios."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "[email protected]",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "[email protected]",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nokia:network_functions_manager_for_transport:19.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EE1A66D4-19DC-4734-B3C4-5775FB1B1A2D"
}
]
}
]
}
],
"references": [
{
"url": "https://www.gruppotim.it/it/footer/red-team.html",
"source": "[email protected]"
"source": "[email protected]",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
Loading

0 comments on commit a230b6b

Please sign in to comment.