Stefano Scipioni

Name of the Vulnerable Software and Affected Versions: Italtel S.p.A. i-MCS NFV version 12.1.0-20211215 Description: The issue is a cross-site scripting (XSS) vulnerability that allows unauthenticated remote attackers to inject arbitrary web script or HTML into HTTP/POST parameters. This can be exploited by attackers to execute malicious scripts on the victim's browser. Recommendations: For Italtel S.p.A. i-MCS NFV version 12.1.0-20211215, consider restricting access to HTTP/POST parameters to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using vulnerable parameters in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Italtel i-MCS NFV version 12.1.0-20211215 **Description** An issue was discovered in the software, related to Incorrect Access Control. **Recommendations** For Italtel i-MCS NFV version 12.1.0-20211215, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Italtel i-MCS NFV version 12.1.0-20211215 **Description** An issue was discovered that allows stored Cross-site scripting (XSS) to occur via POST requests. This means an attacker can inject malicious scripts into the system, which can then be executed by other users, potentially leading to unauthorized actions or data theft. **Recommendations** For Italtel i-MCS NFV version 12.1.0-20211215, as a temporary workaround, consider restricting access to the POST endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Italtel i-MCS NFV version 12.1.0-20211215 **Description** An issue allows remote unauthenticated attackers to upload files at an arbitrary path. **Recommendations** For Italtel i-MCS NFV version 12.1.0-20211215, consider restricting file upload functionality to authenticated users as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SELESTA Visual Access Manager version 4.38.6 **Description** An issue in SELESTA Visual Access Manager allows attackers to modify the `computer` POST parameter related to the ID of a specific reception by POST HTTP request interception. This can lead to unauthorized access to the application and control of many other receptions beyond the assigned one. The issue can be exploited via local network only. **Recommendations** For SELESTA Visual Access Manager version 4.38.6, restrict local network access and monitor logs until a patch is available. As a temporary workaround, consider restricting access to the `computer` POST parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** NOKIA NFM-T version R19.9 **Description** An issue exists in the Network Element Manager, specifically a Reflected XSS. This issue can be exploited via several API endpoints, including "/oms1350/pages/otn/cpbLogDisplay" via the `filename` parameter, under "/oms1350/pages/otn/connection/E2ERoutingDisplayWithOverLay" via the `id` parameter, and under "/oms1350/pages/otn/mainOtn" via all parameters. **Recommendations** For NOKIA NFM-T version R19.9, consider disabling access to the vulnerable API endpoints "/oms1350/pages/otn/cpbLogDisplay", "/oms1350/pages/otn/connection/E2ERoutingDisplayWithOverLay", and "/oms1350/pages/otn/mainOtn" until a patch is available. Additionally, restrict the use of the `filename` and `id` parameters in these endpoints to minimize the risk of exploitation. Avoid using all parameters in the "/oms1350/pages/otn/mainOtn" endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** NOKIA NFM-T version R19.9 **Description** A SQL Injection issue occurs in the /cgi-bin/R19.9/easy1350.pl endpoint of the VM Manager WebUI, specifically via the `id` or `host` HTTP GET parameters. This issue requires an authenticated attacker for exploitation. **Recommendations** For NOKIA NFM-T version R19.9, consider restricting access to the /cgi-bin/R19.9/easy1350.pl endpoint until a patch is available. As a temporary workaround, avoid using the `id` and `host` parameters in the affected API endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** NOKIA NFM-T version R19.9 **Description** An OS Command Injection issue occurs in the `/cgi-bin/R19.9/log.pl` endpoint of the VM Manager WebUI via the `cmd` HTTP GET parameter. This allows authenticated users to execute commands with root privileges on the operating system. **Recommendations** For NOKIA NFM-T version R19.9, consider disabling access to the `/cgi-bin/R19.9/log.pl` endpoint or restricting the use of the `cmd` parameter until a patch is available.

**Name of the Vulnerable Software and Affected Versions** NOKIA NFM-T version R19.9 **Description** An Unprotected Storage of Credentials issue occurs in the Network Element Manager under `/root/RestUploadManager.xml.DRC` and `/DEPOT/KECustom 199/OTNE DRC/RestUploadManager.xml`. A remote user, authenticated to the operating system with access privileges to the directory `/root` or `/DEPOT`, can read cleartext credentials to access the web portal NFM-T and control all the PPS Network elements. **Recommendations** For NOKIA NFM-T version R19.9, consider restricting access to the directories `/root` and `/DEPOT` to minimize the risk of exploitation. As a temporary workaround, limit the privileges of authenticated users to prevent them from reading sensitive files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** eGroupWare version 17.1.20190111 **Description** An issue affects the setup panel under setup/manageheader.php, allowing authenticated remote attackers with administrator credentials to read a cleartext database password due to improper password storage. This issue does not specify the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. **Recommendations** For eGroupWare version 17.1.20190111, consider restricting access to the setup panel under setup/manageheader.php to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Italtel NetMatch-S CI version 5.2.0-20211008 **Description** The issue allows an unauthenticated user to upload files to an arbitrary path due to Absolute Path Traversal under NMSCI-WebGui/SaveFileUploader. An attacker can modify the `uploadDir` parameter in a POST request to an arbitrary directory. Since the application does not verify the upload directory, this can lead to unauthorized access to the server. **Recommendations** For Italtel NetMatch-S CI version 5.2.0-20211008, consider restricting access to the NMSCI-WebGui/SaveFileUploader to prevent unauthorized file uploads until a patch is available. As a temporary workaround, restrict modifications to the `uploadDir` parameter in POST requests to prevent arbitrary directory uploads. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Italtel NetMatch-S CI version 5.2.0-20211008 **Description** The issue concerns incorrect Access Control. Specifically, it affects the "NMSCI-WebGui/advancedsettings.jsp" and "NMSCI-WebGui/SaveFileUploader" endpoints. This allows an attacker to view unauthorized pages and modify system configuration by bypassing controls without verifying user identity. **Recommendations** For Italtel NetMatch-S CI version 5.2.0-20211008, consider restricting access to the "NMSCI-WebGui/advancedsettings.jsp" and "NMSCI-WebGui/SaveFileUploader" endpoints until a proper fix is available. Additionally, ensure that all system configurations are monitored closely for unauthorized changes. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Italtel NetMatch-S CI version 5.2.0-20211008 **Description** The issue allows for Multiple Reflected/Stored XSS, enabling an attacker to inject arbitrary JavaScript. This can be achieved via the "j security check" endpoint under NMSCIWebGui, using the `j username` parameter, or via the "actloglineview.jsp" endpoint under NMSCIWebGui, using the `name` or `actLine` parameters. The injected payload would be triggered every time an authenticated user browses the page containing it. **Recommendations** For Italtel NetMatch-S CI version 5.2.0-20211008, consider restricting access to the "j security check" and "actloglineview.jsp" endpoints under NMSCIWebGui until a patch is available. As a temporary workaround, avoid using the `j username`, `name`, and `actLine` parameters in the affected endpoints to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** NOKIA 1350OMS version R14.2 **Description** An issue exists in the software, allowing a remote authenticated attacker to read files on the filesystem arbitrarily due to an Absolute Path Traversal vulnerability. This vulnerability can be exploited via a specific endpoint using the `logfile` parameter. **Recommendations** For NOKIA 1350OMS version R14.2, as a temporary workaround, consider restricting access to the vulnerable endpoint and the `logfile` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NOKIA 1350OMS version R14.2 **Description** A reflected XSS issue was discovered, affecting various "/cgi-bin/R14.2*" API endpoints. **Recommendations** For NOKIA 1350OMS version R14.2, consider restricting access to the affected "/cgi-bin/R14.2*" API endpoints until a fix is available.

**Name of the Vulnerable Software and Affected Versions** NOKIA 1350OMS version R14.2 **Description** An issue exists in the software, where multiple Relative Path Traversal issues are present in different specific endpoints via the `file` parameter. This allows a remote authenticated attacker to read files on the filesystem arbitrarily. **Recommendations** For NOKIA 1350OMS version R14.2, consider restricting access to the vulnerable endpoints and limiting the use of the `file` parameter until a fix is available. As a temporary workaround, restrict file system access to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** NOKIA 1350OMS version R14.2 **Description** A reflected XSS issue was discovered, affecting various "/oms1350/*" endpoints. **Recommendations** For NOKIA 1350OMS version R14.2, consider restricting access to the vulnerable "/oms1350/*" endpoints until a patch is available.

**Name of the Vulnerable Software and Affected Versions** NOKIA 1350 OMS version R14.2 **Description** An Open Redirect issue occurs on the login page via the `next` HTTP GET parameter. **Recommendations** For NOKIA 1350 OMS version R14.2, consider restricting access to the login page or validating the `next` parameter to prevent redirection to unauthorized sites until a fix is available.

**Name of the Vulnerable Software and Affected Versions** NOKIA 1350 OMS version R14.2 **Description** The web application stores critical information, such as cleartext user credentials, in world-readable files in the filesystem. This issue occurs under the /usr/Systems/OTNE 1 14 Master/maintenance/trace/web/.otn.default.log endpoint. **Recommendations** For NOKIA 1350 OMS version R14.2, consider restricting access to the .otn.default.log file to minimize the risk of exploitation. As a temporary workaround, restrict read access to the /usr/Systems/OTNE 1 14 Master/maintenance/trace/web/ directory until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NOKIA 1350 OMS version R14.2 **Description** The issue allows authenticated users to execute commands on the operating system due to multiple OS Command Injection vulnerabilities. These vulnerabilities occur in the `/cgi-bin/R14.2/log.pl` endpoint via the `cmd` HTTP GET parameter and in the `/cgi-bin/R14.2/checkping.pl` endpoint via the `addr` HTTP GET parameter. **Recommendations** For NOKIA 1350 OMS version R14.2, consider disabling access to the `/cgi-bin/R14.2/log.pl` and `/cgi-bin/R14.2/checkping.pl` endpoints until a patch is available. Additionally, restrict the use of the `cmd` and `addr` parameters in these endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.