Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-25007

Ericsson Network Manager (ENM), versions prior to 23.1, contains a vulnerability in the export function of application log where Improper Neutralization of Formula Elements in a CSV File can lead to code execution or information disclosure. There is limited impact to integrity and availability. The attacker on the adjacent network with administration access can exploit the vulnerability.

Published

2024-04-04T19:15:07.477

Last Modified

2024-11-21T09:00:07.803

Status

Modified

Source

85b1779b-6ecd-4f52-bcc5-73eac4659dcf

Severity

CVSSv3.1: 7.1 (HIGH)

Weaknesses

Type: Secondary
CWE-1236
Type: Primary
CWE-1236

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ericsson	network_manager	< 23.1	Yes

References

https://www.ericsson.com/en/about-us/security/psirt/security-bulletin--ericsson-network-manager-march-2024 Vendor Advisory (85b1779b-6ecd-4f52-bcc5-73eac4659dcf)
https://www.ericsson.com/en/about-us/security/psirt/security-bulletin--ericsson-network-manager-march-2024 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)