Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-32570

In Ericsson Network Manager (ENM) releases before 21.2, users belonging to the same AMOS authorization group can retrieve the data from certain log files. All AMOS users are considered to be highly privileged users in ENM system and all must be previously defined and authorized by the Security Administrator. Those users can access some log’s files, under a common path, and read information stored in the log’s files in order to conduct privilege escalation.

Published

2022-08-26T00:15:08.723

Last Modified

2024-11-21T06:07:17.470

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.9 (MEDIUM)

Weaknesses

Type: Primary
CWE-532

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ericsson	network_manager	< 21.2	Yes

References

https://www.ericsson.com Vendor Advisory ([email protected])
https://www.gruppotim.it/it/footer/red-team.html Third Party Advisory ([email protected])
https://www.ericsson.com Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.gruppotim.it/it/footer/red-team.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)