PT-2023-12128 · Ericsson · Ericsson Mobile Switching Center Server

Alessandro Bosco +2 · Published 2023-09-14 · Updated 2023-10-25 · CVE-2021-28485

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Ericsson Mobile Switching Center Server (MSC-S) versions BC 18A and IS 3.1 through IS 3.1 CP21

Description

The issue allows relative path traversal via a specific parameter in an HTTPS request after authentication, which enables access to files on the system that are not intended to be accessible via the web application.

Recommendations

For Ericsson Mobile Switching Center Server (MSC-S) versions BC 18A and IS 3.1 through IS 3.1 CP21, update to IS 3.1 CP22 or later to resolve the issue.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2021-28485

Affected Products

Ericsson Mobile Switching Center Server