Filtered by vendor Nokia
Subscriptions
Total
114 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-41763 | 1 Nokia | 1 Access Management System | 2024-08-03 | 8.8 High |
| An issue was discovered in NOKIA AMS 9.7.05. Remote Code Execution exists via the debugger of the ipAddress variable. A remote user, authenticated to the AMS server, could inject code in the PING function. The privileges of the command executed depend on the user that runs the service. | ||||
| CVE-2022-41762 | 1 Nokia | 1 Network Functions Manager For Transport | 2024-08-03 | 6.1 Medium |
| An issue was discovered in NOKIA NFM-T R19.9. Multiple Reflected XSS vulnerabilities exist in the Network Element Manager via any parameter to log.pl, the bench or pid parameter to top.pl, or the id parameter to easy1350.pl. | ||||
| CVE-2022-40713 | 1 Nokia | 1 1350 Optical Management System | 2024-08-03 | 6.5 Medium |
| An issue was discovered in NOKIA 1350OMS R14.2. Multiple Relative Path Traversal issues exist in different specific endpoints via the file parameter, allowing a remote authenticated attacker to read files on the filesystem arbitrarily. | ||||
| CVE-2022-40715 | 1 Nokia | 1 1350 Optical Management System | 2024-08-03 | 6.5 Medium |
| An issue was discovered in NOKIA 1350OMS R14.2. An Absolute Path Traversal vulnerability exists for a specific endpoint via the logfile parameter, allowing a remote authenticated attacker to read files on the filesystem arbitrarily. | ||||
| CVE-2022-40714 | 1 Nokia | 1 1350 Optical Management System | 2024-08-03 | 6.1 Medium |
| An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists under different /oms1350/* endpoints. | ||||
| CVE-2022-40712 | 1 Nokia | 1 1350 Optical Management System | 2024-08-03 | 6.1 Medium |
| An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists under different /cgi-bin/R14.2* endpoints. | ||||
| CVE-2022-39821 | 1 Nokia | 1 1350 Optical Management System | 2024-08-03 | 7.5 High |
| In NOKIA 1350 OMS R14.2, an Insertion of Sensitive Information into an Application Log File vulnerability occurs. The web application stores critical information, such as cleartext user credentials, in world-readable files in the filesystem. | ||||
| CVE-2022-39820 | 1 Nokia | 1 Network Functions Manager For Transport | 2024-08-03 | 6.5 Medium |
| In Network Element Manager in NOKIA NFM-T R19.9, an Unprotected Storage of Credentials vulnerability occurs under /root/RestUploadManager.xml.DRC and /DEPOT/KECustom_199/OTNE_DRC/RestUploadManager.xml. A remote user, authenticated to the operating system, with access privileges to the directory /root or /DEPOT, is able to read cleartext credentials to access the web portal NFM-T and control all the PPS Network elements. | ||||
| CVE-2022-39817 | 1 Nokia | 1 1350 Optical Management System | 2024-08-03 | 8.8 High |
| In NOKIA 1350 OMS R14.2, multiple SQL Injection vulnerabilities occurs. Exploitation requires an authenticated attacker. Through the injection of arbitrary SQL statements, a potential authenticated attacker can modify query syntax and perform unauthorized (and unexpected) operations against the remote database. | ||||
| CVE-2022-39816 | 1 Nokia | 1 1350 Optical Management System | 2024-08-03 | 6.5 Medium |
| In NOKIA 1350 OMS R14.2, Insufficiently Protected Credentials (cleartext administrator password) occur in the edit configuration page. Exploitation requires an authenticated attacker. | ||||
| CVE-2022-39818 | 1 Nokia | 1 Network Functions Manager For Transport | 2024-08-03 | 8.8 High |
| In NOKIA NFM-T R19.9, an OS Command Injection vulnerability occurs in /cgi-bin/R19.9/log.pl of the VM Manager WebUI via the cmd HTTP GET parameter. This allows authenticated users to execute commands, with root privileges, on the operating system. | ||||
| CVE-2022-39819 | 1 Nokia | 1 1350 Optical Management System | 2024-08-03 | 8.8 High |
| In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occurs. This allows authenticated users to execute commands on the operating system. | ||||
| CVE-2022-39814 | 1 Nokia | 1 1350 Optical Management System | 2024-08-03 | 6.1 Medium |
| In NOKIA 1350 OMS R14.2, an Open Redirect vulnerability occurs is the login page via next HTTP GET parameter. | ||||
| CVE-2022-39815 | 1 Nokia | 1 1350 Optical Management System | 2024-08-03 | 9.8 Critical |
| In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occurs. This vulnerability allow unauthenticated users to execute commands on the operating system. | ||||
| CVE-2022-38788 | 1 Nokia | 2 Fastmile 5g Receiver, Fastmile 5g Receiver Firmware | 2024-08-03 | 4.3 Medium |
| An issue was discovered in Nokia FastMile 5G Receiver 5G14-B 1.2104.00.0281. Bluetooth on the Nokia ODU uses outdated pairing mechanisms, allowing an attacker to passively intercept a paring handshake and (after offline cracking) retrieve the PIN and LTK (long-term key). | ||||
| CVE-2022-36221 | 1 Nokia | 2 Fastmile, Fastmile Firmware | 2024-08-03 | 6.5 Medium |
| Nokia Fastmile 3tg00118abad52 is affected by an authenticated path traversal vulnerability which allows attackers to read any named pipe file on the system. | ||||
| CVE-2022-36222 | 1 Nokia | 2 Fastmile, Fastmile Firmware | 2024-08-03 | 8.4 High |
| Nokia Fastmile 3tg00118abad52 devices shipped by Optus are shipped with a default hardcoded admin account of admin:Nq+L5st7o This account can be used locally to access the web admin interface. | ||||
| CVE-2022-31244 | 1 Nokia | 1 One-network Directory Server | 2024-08-03 | 7.8 High |
| Nokia OneNDS 17r2 has Insecure Permissions vulnerability that allows for privilege escalation. | ||||
| CVE-2022-30903 | 1 Nokia | 2 G-2425g-a, G-2425g-a Firmware | 2024-08-03 | 4.8 Medium |
| Nokia "G-2425G-A" Bharti Airtel Routers Hardware version "3FE48299DEAA" Software Version "3FE49362IJHK42" is vulnerable to Cross-Site Scripting (XSS) via the admin->Maintenance>Device Management. | ||||
| CVE-2022-30759 | 1 Nokia | 1 One-nds | 2024-08-03 | 8.8 High |
| In Nokia One-NDS (aka Network Directory Server) through 20.9, some Sudo permissions can be exploited by some users to escalate to root privileges and execute arbitrary commands. | ||||