PT-2022-6443 · Nokia · Nokia Netact

Aleksandr Ustinov +1 · Published 2022-10-10 · Updated 2025-02-04 · CVE-2023-26059

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Nokia NetAct versions prior to 22 SP1037

Description

An issue was discovered in the Site Configuration Tool tab of Nokia NetAct: an attacker can upload a ZIP file that, when processed, results in stored XSS. The upload option of the Site Configuration Tool does not validate the file contents. The application is in a demilitarised zone behind a perimeter firewall and without exposure to the internet. The attack can only be performed by an internal user.

Recommendations

For versions prior to 22 SP1037, update to version 22 SP1037 or later to resolve the issue. As a temporary workaround, consider disabling the file upload option in the Site Configuration Tool tab until a patch is available. Restrict access to the Site Configuration Tool to minimize the risk of exploitation. Avoid using the upload option for ZIP files in the affected tool until the issue is resolved.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2023-01305
CVE-2023-26059

Affected Products

Nokia Netact