Pedro Escaleira

**Name of the Vulnerable Software and Affected Versions** Open Source MANO versions 7 through 12 **Description** The issue is related to improper verification of user input, allowing an authenticated attacker to execute arbitrary code within the LCM module container via a Virtual Network Function (VNF) descriptor. This could enable the attacker to change the normal execution of the OSM components, retrieve confidential information, or gain access to other parts of a Telco Operator infrastructure. **Recommendations** For Open Source MANO versions 7 through 12, consider restricting access to the LCM module container and Virtual Network Function (VNF) descriptors to minimize the risk of exploitation. As a temporary workaround, limit the execution of arbitrary code within the container until a patch is available.