PT-2022-25015 · Nokia · Nokia 1350 Oms

Fabio Romano +3 · Published 2022-09-13 · Updated 2022-10-01 · CVE-2022-39821

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

NOKIA 1350 OMS version R14.2

Description

The web application stores critical information, such as cleartext user credentials, in world-readable files in the filesystem. This issue occurs under the /usr/Systems/OTNE 1 14 Master/maintenance/trace/web/.otn.default.log endpoint.

Recommendations

For NOKIA 1350 OMS version R14.2, consider restricting access to the .otn.default.log file to minimize the risk of exploitation. As a temporary workaround, restrict read access to the /usr/Systems/OTNE 1 14 Master/maintenance/trace/web/ directory until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
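One way to carry out the workaround above, as an added example that is not from the advisory or from Nokia: a POSIX shell audit that lists every entry under the trace directory granting any permission to other users and, with APPLY=1, removes those permissions and re-checks. The function names and the APPLY variable are assumptions of this example; the directory is passed as the first argument, quoted because the path printed in the advisory contains spaces.

```shell
#!/bin/sh
# Added example: audit and tighten "other" permissions on a trace/log directory.
# Usage: sh audit.sh "<trace directory from the advisory>"   (report only)
#        APPLY=1 sh audit.sh "<trace directory>"             (also remediate)

# Print every file or directory under $1 that grants read, write or
# search/execute permission to "other" users.
world_accessible() {
    find "$1" \( -type f -o -type d \) \
        \( -perm -004 -o -perm -002 -o -perm -001 \) -print 2>/dev/null
}

# Remove all "other" permissions below $1, then re-audit.
# Returns 0 only if nothing world-accessible remains.
restrict_trace_dir() {
    chmod -R o-rwx -- "$1" || return 1
    [ -z "$(world_accessible "$1")" ]
}

# Report-only by default, so the owning user and group can be confirmed
# before modes change; set APPLY=1 to remediate.
audit_trace_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    exposed=$(world_accessible "$dir")
    if [ -z "$exposed" ]; then
        echo "OK: nothing under $dir is accessible to other users"
        return 0
    fi
    echo "World-accessible entries under $dir:"
    printf '%s\n' "$exposed" | while IFS= read -r p; do ls -ld -- "$p"; done
    [ "${APPLY:-0}" = 1 ] || return 1
    restrict_trace_dir "$dir" && echo "Removed other-permissions under $dir"
}

if [ "$#" -gt 0 ]; then
    audit_trace_dir "$1"
fi
```

Files the application creates later take their mode from its umask, so re-run the audit after the service restarts or rotates the log.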

Insertion into Log File

Weakness Enumeration

Related Identifiers

CVE-2022-39821

Affected Products

Nokia 1350 Oms