Security Advisory

CVE-2022-39820

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-12-25 00:00:00

Last updated 2024-08-03 12:07:42

Assigner mitre

State PUBLISHED

Description

In Network Element Manager in NOKIA NFM-T R19.9, an Unprotected Storage of Credentials vulnerability occurs under /root/RestUploadManager.xml.DRC and /DEPOT/KECustom_199/OTNE_DRC/RestUploadManager.xml. A remote user, authenticated to the operating system, with access privileges to the directory /root or /DEPOT, is able to read cleartext credentials to access the web portal NFM-T and control all the PPS Network elements.

← Browse all CVEs View on cve.org ↗