Description

In OSS-RC systems of the release 18B and older during data migration procedures certain files containing usernames and passwords are left in the system undeleted but in folders accessible by top privileged accounts only. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Ericsson Network Manager is a new generation OSS system which OSS-RC customers shall upgrade to

Related CPE's

o

ericsson

operations_support_system-radio_and_core_firmware

Vulnerable

h

ericsson

operations_support_system-radio_and_core

-

References

https://www.gruppotim.it/it/innovazione/servizi-digitali/cybersecurity/red-team.html

Third Party Advisory

Weaknesses

[email protected]

Primary
CWE-459

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

4.9 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-10-14T18:15:12.697

3 years ago

Last modified

2024-08-04T00:15:22.343

11 months ago