PT-2022-10086 · Ericsson · Ericsson Network Manager

Alessandro Bosco +2 · Published 2022-08-25 · Updated 2022-09-09 · CVE-2021-32570

CVSS v3.1

4.9 (Medium)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Ericsson Network Manager versions prior to 21.2

Description

The issue allows users belonging to the same AMOS authorization group to retrieve data from certain log files, potentially leading to privilege escalation. All AMOS users are considered highly privileged in the ENM system and must be previously defined and authorized by the Security Administrator. These users can access log files under a common path and read stored information to conduct privilege escalation.

Recommendations

For versions prior to 21.2, consider restricting access to log files under the common path to minimize the risk of exploitation. As a temporary workaround, limit the privileges of AMOS users to prevent them from accessing sensitive information in the log files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Insertion into Log File

Weakness Enumeration

Related Identifiers

CVE-2021-32570

Affected Products

Ericsson Network Manager