PT-2023-12953 · Nokia · Nokia Netact
Andrea Carlo Maria Dattola +2 · Published 2023-07-24 · Updated 2023-08-02 · CVE-2022-28863
CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Nokia NetAct version 22
Description
A remote user, authenticated to the website, can visit the Site Configuration Tool section and arbitrarily upload potentially dangerous files without restrictions via the "/netact/sct" dir parameter in conjunction with the operation=upload value.
Recommendations
For Nokia NetAct version 22, restrict access to the "/netact/sct" endpoint to prevent arbitrary file uploads until a patch is available. As a temporary workaround, consider disabling the file upload functionality in the Site Configuration Tool section to minimize the risk of exploitation.
Exploit
Fix
Unrestricted File Upload
Affected Products
Nokia Netact