CVE-2022-39816

Name of the Vulnerable Software and Affected Versions NOKIA 1350 OMS version R14.2

Description The issue involves insufficiently protected credentials, specifically a cleartext administrator password, found on the edit configuration page. This can be exploited by an authenticated attacker. The vulnerable endpoint is /cgi-bin/R14.2/cgi-bin/R14.2/host.pl.

Recommendations For NOKIA 1350 OMS version R14.2, consider restricting access to the edit configuration page and the /cgi-bin/R14.2/cgi-bin/R14.2/host.pl endpoint until a fix is available. As a temporary workaround, ensure that all access to the system is tightly controlled to minimize the risk of exploitation by an authenticated attacker. At the moment, there is no information about a newer version that contains a fix for this vulnerability.