PT-2022-25013 · Nokia · Nokia 1350 Oms

Fabio Romano +3 · Published 2022-09-13 · Updated 2022-10-01 · CVE-2022-39819

CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
NOKIA 1350 OMS version R14.2

Description
The issue allows authenticated users to execute commands on the operating system due to multiple OS Command Injection vulnerabilities. These vulnerabilities occur in the /cgi-bin/R14.2/log.pl endpoint via the cmd HTTP GET parameter and in the /cgi-bin/R14.2/checkping.pl endpoint via the addr HTTP GET parameter.

Recommendations
For NOKIA 1350 OMS version R14.2, consider disabling access to the /cgi-bin/R14.2/log.pl and /cgi-bin/R14.2/checkping.pl endpoints until a patch is available. Additionally, restrict the use of the cmd and addr parameters in these endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
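
To check whether the two endpoints are still being reached while they are meant to be disabled, the following added example (not code from Nokia or from the advisory's authors) triages web access-log lines: any request carrying cmd to log.pl, or an addr value that is not a bare IP address or hostname to checkping.pl, is marked "alert", and other hits on either endpoint are marked "review". It assumes combined-log-format access logs; the sample lines and the "review"/"alert" labels are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Endpoint -> injectable GET parameter, as named in the advisory.
WATCHED = {
    "/cgi-bin/R14.2/log.pl": "cmd",
    "/cgi-bin/R14.2/checkping.pl": "addr",
}
# Assumption: request field in combined log format, e.g. "GET /p?x=y HTTP/1.1".
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
HOSTNAME_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")

def is_plain_host(value):
    """True only for a bare IP address or a hostname-shaped string."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return bool(HOSTNAME_RE.fullmatch(value))

def triage(line):
    """Return None, 'review' or 'alert' for one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    param = WATCHED.get(url.path)
    if param is None:
        return None
    # parse_qs percent-decodes, so encoded separators are seen decoded.
    values = parse_qs(url.query, keep_blank_values=True).get(param, [])
    if param == "addr" and all(is_plain_host(v) for v in values):
        return "review"  # endpoint reached, but addr is a bare host (or absent)
    return "alert" if values else "review"

def scan(lines):
    """Return (line_number, verdict) for every line that hits a watched endpoint."""
    return [(n, v) for n, line in enumerate(lines, 1) if (v := triage(line))]

# Constructed sample log lines (not taken from a real system).
SAMPLE = [
    '192.0.2.10 - oper [13/Sep/2022:10:00:01 +0000] "GET /cgi-bin/R14.2/checkping.pl?addr=10.0.0.5 HTTP/1.1" 200 312',
    '192.0.2.10 - oper [13/Sep/2022:10:00:09 +0000] "GET /cgi-bin/R14.2/checkping.pl?addr=10.0.0.5%3BCONSTRUCTED HTTP/1.1" 200 97',
    '192.0.2.11 - oper [13/Sep/2022:10:02:30 +0000] "GET /cgi-bin/R14.2/log.pl?cmd=CONSTRUCTED HTTP/1.1" 200 1024',
    '192.0.2.12 - - [13/Sep/2022:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for lineno, verdict in scan(SAMPLE):
        print(lineno, verdict)
```
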

OS Command Injection

Weakness Enumeration

Related Identifiers: CVE-2022-39819

Affected Products: Nokia 1350 Oms