CVE-2022-41763

Name of the Vulnerable Software and Affected Versions NOKIA AMS version 9.7.05

Description An issue exists in the debugger of the ipAddress variable, allowing Remote Code Execution. A remote user, authenticated to the AMS server, could inject code in the PING function. The privileges of the command executed depend on the user that runs the service.

Recommendations For NOKIA AMS version 9.7.05, consider disabling the debugger of the ipAddress variable as a temporary workaround to minimize the risk of exploitation. Restrict access to the PING function to prevent code injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.