CVE-2022-41761

Name of the Vulnerable Software and Affected Versions NOKIA NFM-T version R19.9

Description An issue exists in the VM Manager WebUI under the endpoint "/cgi-bin/R19.9/viewlog.pl" via the logfile parameter, allowing a remote authenticated attacker to read arbitrary files due to an Absolute Path Traversal vulnerability.

Recommendations For NOKIA NFM-T version R19.9, consider disabling access to the "/cgi-bin/R19.9/viewlog.pl" endpoint or restricting the logfile parameter to prevent exploitation until a patch is available.