PT-2024-20696 · Ericsson · Ericsson Network Manager

Published

2024-04-04

·

Updated

2024-04-29

·

CVE-2024-25007

CVSS v3.1

7.1

High

Vector

AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L

Name of the Vulnerable Software and Affected Versions

Ericsson Network Manager (ENM) versions prior to 23.1

Description

The issue is related to the export function of the application log, where improper neutralization of formula elements in a CSV file can lead to code execution or information disclosure. This has limited impact on integrity and availability. An attacker with administration access on an adjacent network can exploit this issue.

Recommendations

For Ericsson Network Manager (ENM) versions prior to 23.1, update to version 23.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the export function of the application log to minimize the risk of exploitation.
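The weakness class named in the description (formula elements not neutralized in an exported CSV) is shown here as an added example, not Ericsson's code or its fix: a Python log export that prefixes formula-leading cells with a single quote, next to an unneutralized export and a check that flags risky cells in an existing file. The function names, the trigger-character set (taken from OWASP's CSV injection guidance) and the sample log rows are assumptions constructed for illustration.

```python
import csv
import io

# Leading characters a spreadsheet may treat as the start of a formula.
# Assumption: set follows OWASP CSV injection guidance, not the advisory.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")

def neutralize_cell(value):
    """Return the cell as text a spreadsheet will display instead of evaluate."""
    text = "" if value is None else str(value)
    if text.startswith(FORMULA_TRIGGERS):
        return "'" + text  # note: also alters legitimate values such as "-5"
    return text

def _write(rows, header, transform):
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in [header, *rows]:
        writer.writerow([transform(cell) for cell in row])
    return buf.getvalue()

def naive_export(rows, header):
    """Export without neutralization: log content reaches the sheet verbatim."""
    return _write(rows, header, lambda cell: cell)

def export_log_csv(rows, header):
    """Export with every cell neutralized and every field quoted."""
    return _write(rows, header, neutralize_cell)

def find_formula_cells(csv_text):
    """Return (row, column, value) for each cell that would start a formula."""
    hits = []
    for r, row in enumerate(csv.reader(io.StringIO(csv_text))):
        for c, cell in enumerate(row):
            if cell.startswith(FORMULA_TRIGGERS):
                hits.append((r, c, cell))
    return hits

# Constructed sample log rows (not taken from any real ENM export).
SAMPLE_HEADER = ["timestamp", "user", "message"]
SAMPLE_ROWS = [
    ["2024-01-01T10:00:00Z", "operator1", "node sync completed"],
    ["2024-01-01T10:01:00Z", "operator2", "=1+1"],
    ["2024-01-01T10:02:00Z", "@admin", "-2+3"],
    ["2024-01-01T10:03:00Z", "operator3", "threshold=90 reached"],
]
```

`find_formula_cells` can also be run over CSV files already exported from an unpatched system before they are opened in a spreadsheet application.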

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2024-25007

Affected Products

Ericsson Network Manager