CVE-2022-39820

Name of the Vulnerable Software and Affected Versions NOKIA NFM-T version R19.9

Description An Unprotected Storage of Credentials issue occurs in the Network Element Manager under /root/RestUploadManager.xml.DRC and /DEPOT/KECustom 199/OTNE DRC/RestUploadManager.xml. A remote user, authenticated to the operating system with access privileges to the directory /root or /DEPOT, can read cleartext credentials to access the web portal NFM-T and control all the PPS Network elements.

Recommendations For NOKIA NFM-T version R19.9, consider restricting access to the directories /root and /DEPOT to minimize the risk of exploitation. As a temporary workaround, limit the privileges of authenticated users to prevent them from reading sensitive files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.