CVE-2022-39818

Name of the Vulnerable Software and Affected Versions NOKIA NFM-T version R19.9

Description An OS Command Injection issue occurs in the /cgi-bin/R19.9/log.pl endpoint of the VM Manager WebUI via the cmd HTTP GET parameter. This allows authenticated users to execute commands with root privileges on the operating system.

Recommendations For NOKIA NFM-T version R19.9, consider disabling access to the /cgi-bin/R19.9/log.pl endpoint or restricting the use of the cmd parameter until a patch is available.