PT-2024-11595 · Unknown · Open Source Mano
Pedro Escaleira · Published 2024-04-22 · Updated 2024-07-03 · CVE-2022-35503
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Open Source MANO versions 7 through 12
Description
The issue is related to improper verification of user input, allowing an authenticated attacker to execute arbitrary code within the LCM module container via a Virtual Network Function (VNF) descriptor. This could enable the attacker to change the normal execution of the OSM components, retrieve confidential information, or gain access to other parts of a Telco Operator infrastructure.
Recommendations
For Open Source MANO versions 7 through 12, consider restricting access to the LCM module container and Virtual Network Function (VNF) descriptors to minimize the risk of exploitation. As a temporary workaround, limit the execution of arbitrary code within the container until a patch is available.
Fix
Command Injection
Related Identifiers
Affected Products
Open Source Mano