Vulnerabilities > CVE-2022-28864 - Improper Neutralization of Formula Elements in a CSV File vulnerability in Nokia Netact 22.0.0.62

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

nokia

CWE-1236

NVD

Published: 2023-07-24

Updated: 2023-08-02

Summary

An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include malicious code, which is then downloaded as a .csv or .xlsx file and executed on a victim machine. Here, the /aom/html/EditTemplate.jsf and /aom/html/ViewAllTemplatesPage.jsf templateName parameter is used.

Vulnerable Configurations

Part	Description	Count
Application	Nokia Nokia Netact 22.0.0.62	1

Common Weakness Enumeration (CWE)

CWE-1236 - Improper Neutralization of Formula Elements in a CSV File

References

https://www.gruppotim.it/it/footer/red-team.html
https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html