Luca Carbone

Name of the Vulnerable Software and Affected Versions: Italtel S.p.A. i-MCS NFV version 12.1.0-20211215 Description: The issue is a cross-site scripting (XSS) vulnerability that allows unauthenticated remote attackers to inject arbitrary web script or HTML into HTTP/POST parameters. This can be exploited by attackers to execute malicious scripts on the victim's browser. Recommendations: For Italtel S.p.A. i-MCS NFV version 12.1.0-20211215, consider restricting access to HTTP/POST parameters to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using vulnerable parameters in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Italtel Embrace version 1.6.4 **Description** An issue was discovered in the web application where the access token of an authenticated user is inserted inside GET requests. The query string for the URL could be saved in the browser's history, passed through Referers to other web sites, stored in web logs, or otherwise recorded in other sources. If the query string contains sensitive information such as session identifiers, then attackers can use this information to launch further attacks. Because the access token is sent in GET requests, this could lead to complete account takeover. **Recommendations** For Italtel Embrace version 1.6.4, consider disabling the use of access tokens in GET requests as a temporary workaround until a patch is available. Restrict access to sensitive information and session identifiers to minimize the risk of exploitation. Avoid using sensitive information in query strings for URLs to prevent potential recording in browser history, web logs, or other sources. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Italtel i-MCS NFV version 12.1.0-20211215 **Description** An issue was discovered that allows stored Cross-site scripting (XSS) to occur via POST requests. This means an attacker can inject malicious scripts into the system, which can then be executed by other users, potentially leading to unauthorized actions or data theft. **Recommendations** For Italtel i-MCS NFV version 12.1.0-20211215, as a temporary workaround, consider restricting access to the POST endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Italtel i-MCS NFV version 12.1.0-20211215 **Description** An issue allows remote unauthenticated attackers to upload files at an arbitrary path. **Recommendations** For Italtel i-MCS NFV version 12.1.0-20211215, consider restricting file upload functionality to authenticated users as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Italtel i-MCS NFV version 12.1.0-20211215 **Description** An issue was discovered in the software, related to Incorrect Access Control. **Recommendations** For Italtel i-MCS NFV version 12.1.0-20211215, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Italtel Embrace version 1.6.4 **Description** The issue is related to improper input validation in the Web application, allowing authenticated users to execute commands on the Operating System. **Recommendations** For Italtel Embrace version 1.6.4, update the software to a version that properly checks parameters sent as input before they are processed on the server side. As a temporary workaround, consider restricting access to the Web application to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Italtel Embrace version 1.6.4 **Description** An issue was discovered in the product where it does not neutralize or incorrectly neutralizes output that is written to logs. The web application writes logs using a GET query string parameter, which can be modified by an attacker to attribute every action they perform to a different user. This can be exploited without authentication. **Recommendations** For Italtel Embrace version 1.6.4, consider restricting access to the logging functionality to prevent exploitation. As a temporary workaround, avoid using the GET query string parameter for logging until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Italtel Embrace version 1.6.4 **Description** A stored cross-site scripting (XSS) issue allows authenticated and unauthenticated remote attackers to inject arbitrary web script or HTML into a GET parameter. This reflects/stores the user input without sanitization. **Recommendations** For Italtel Embrace version 1.6.4, consider disabling the GET parameter that allows user input until a patch is available to prevent exploitation of the stored cross-site scripting issue. Restrict access to the affected parameter to minimize the risk of arbitrary web script or HTML injection.

**Name of the Vulnerable Software and Affected Versions** Italtel Embrace version 1.6.4 **Description** An issue was discovered where the server does not properly handle application errors, leading to a disclosure of information about the server. An unauthenticated user can craft specific requests to make the application generate an error, revealing information such as the absolute path of the source code of the application. This information can help an attacker perform other attacks against the system. The issue can be exploited without authentication. **Recommendations** For Italtel Embrace version 1.6.4, consider implementing proper error handling mechanisms to prevent information disclosure. As a temporary workaround, restrict access to error messages to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Italtel Embrace version 1.6.4 **Description** An issue was discovered where the web application inserts cleartext passwords in the HTML source code. An authenticated user can edit the configuration of the email server. When accessing the edit function, the web application fills the edit form with the current credentials for the email account, including the cleartext password. **Recommendations** For Italtel Embrace version 1.6.4, consider restricting access to the edit function for the email server configuration to minimize the risk of exploitation. As a temporary workaround, avoid using the edit function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Italtel Embrace version 1.6.4 **Description** An issue was discovered where the web server fails to sanitize input data, allowing remote unauthenticated attackers to read arbitrary files on the filesystem. **Recommendations** For Italtel Embrace version 1.6.4, ensure proper input sanitization is implemented in the web server to prevent unauthorized file access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Italtel Embrace version 1.6.4 **Description** An issue was discovered in the web application where it does not restrict or incorrectly restricts access to a resource from an unauthorized actor. **Recommendations** For Italtel Embrace version 1.6.4, consider restricting access to sensitive resources to authorized actors only, until a patch or fix is available.

**Name of the Vulnerable Software and Affected Versions** NOKIA NFM-T version R19.9 **Description** An OS Command Injection issue occurs in the `/cgi-bin/R19.9/log.pl` endpoint of the VM Manager WebUI via the `cmd` HTTP GET parameter. This allows authenticated users to execute commands with root privileges on the operating system. **Recommendations** For NOKIA NFM-T version R19.9, consider disabling access to the `/cgi-bin/R19.9/log.pl` endpoint or restricting the use of the `cmd` parameter until a patch is available.

**Name of the Vulnerable Software and Affected Versions** CODESYS products (affected versions not specified) **Description** The issue is related to a stack-based out-of-bounds write vulnerability that can be exploited by an authenticated remote attacker to write data into the stack. This can lead to a denial-of-service condition, memory overwriting, or remote code execution. The vulnerability is associated with a buffer overflow in memory, which can be exploited to cause a denial-of-service condition or execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Italtel NetMatch-S CI version 5.2.0-20211008 **Description** The issue concerns incorrect Access Control. Specifically, it affects the "NMSCI-WebGui/advancedsettings.jsp" and "NMSCI-WebGui/SaveFileUploader" endpoints. This allows an attacker to view unauthorized pages and modify system configuration by bypassing controls without verifying user identity. **Recommendations** For Italtel NetMatch-S CI version 5.2.0-20211008, consider restricting access to the "NMSCI-WebGui/advancedsettings.jsp" and "NMSCI-WebGui/SaveFileUploader" endpoints until a proper fix is available. Additionally, ensure that all system configurations are monitored closely for unauthorized changes. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Italtel NetMatch-S CI version 5.2.0-20211008 **Description** The issue allows an unauthenticated user to upload files to an arbitrary path due to Absolute Path Traversal under NMSCI-WebGui/SaveFileUploader. An attacker can modify the `uploadDir` parameter in a POST request to an arbitrary directory. Since the application does not verify the upload directory, this can lead to unauthorized access to the server. **Recommendations** For Italtel NetMatch-S CI version 5.2.0-20211008, consider restricting access to the NMSCI-WebGui/SaveFileUploader to prevent unauthorized file uploads until a patch is available. As a temporary workaround, restrict modifications to the `uploadDir` parameter in POST requests to prevent arbitrary directory uploads. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Italtel NetMatch-S CI version 5.2.0-20211008 **Description** The issue allows for Multiple Reflected/Stored XSS, enabling an attacker to inject arbitrary JavaScript. This can be achieved via the "j security check" endpoint under NMSCIWebGui, using the `j username` parameter, or via the "actloglineview.jsp" endpoint under NMSCIWebGui, using the `name` or `actLine` parameters. The injected payload would be triggered every time an authenticated user browses the page containing it. **Recommendations** For Italtel NetMatch-S CI version 5.2.0-20211008, consider restricting access to the "j security check" and "actloglineview.jsp" endpoints under NMSCIWebGui until a patch is available. As a temporary workaround, avoid using the `j username`, `name`, and `actLine` parameters in the affected endpoints to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** NOKIA 1350OMS version R14.2 **Description** An issue exists in the software, allowing a remote authenticated attacker to read files on the filesystem arbitrarily due to an Absolute Path Traversal vulnerability. This vulnerability can be exploited via a specific endpoint using the `logfile` parameter. **Recommendations** For NOKIA 1350OMS version R14.2, as a temporary workaround, consider restricting access to the vulnerable endpoint and the `logfile` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NOKIA 1350OMS version R14.2 **Description** A reflected XSS issue was discovered, affecting various "/oms1350/*" endpoints. **Recommendations** For NOKIA 1350OMS version R14.2, consider restricting access to the vulnerable "/oms1350/*" endpoints until a patch is available.

**Name of the Vulnerable Software and Affected Versions** NOKIA 1350OMS version R14.2 **Description** An issue exists in the software, where multiple Relative Path Traversal issues are present in different specific endpoints via the `file` parameter. This allows a remote authenticated attacker to read files on the filesystem arbitrarily. **Recommendations** For NOKIA 1350OMS version R14.2, consider restricting access to the vulnerable endpoints and limiting the use of the `file` parameter until a fix is available. As a temporary workaround, restrict file system access to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.