Vulnerabilities > CVE-2022-46408 - Improper Neutralization of Formula Elements in a CSV File vulnerability in Ericsson Network Manager 21.2

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

ericsson

CWE-1236

NVD

Published: 2023-06-29

Updated: 2023-07-06

Summary

Ericsson Network Manager (ENM), versions prior to 22.1, contains a vulnerability in the application Network Connectivity Manager (NCM) where improper Neutralization of Formula Elements in a CSV File can lead to remote code execution or data leakage via maliciously injected hyperlinks. The attacker would need admin/elevated access to exploit the vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Ericsson Ericsson Network Manager - Ericsson Network Manager 21.2	2

Common Weakness Enumeration (CWE)

CWE-1236 - Improper Neutralization of Formula Elements in a CSV File

References

https://www.gruppotim.it/it/footer/red-team.html