CVE-2021-32570
CVSS V2 None
CVSS V3 Medium 4.9
Description
In Ericsson Network Manager (ENM) releases before 21.2, users belonging to the same AMOS authorization group can retrieve the data from certain log files. All AMOS users are considered to be highly privileged users in ENM system and all must be previously defined and authorized by the Security Administrator. Those users can access some log’s files, under a common path, and read information stored in the log’s files in order to conduct privilege escalation.
Overview
- CVE ID
- CVE-2021-32570
- Assigner
- cve@mitre.org
- Vulnerability Status
- Analyzed
- Published Version
- 2022-08-26T00:15:08
- Last Modified Date
- 2022-09-09T18:36:19
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:ericsson:network_manager:*:*:*:*:*:*:*:* | 1 | OR | 21.2 |
CVSS Version 3
- Version
- 3.1
- Vector String
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
- Attack Vector
- NETWORK
- Attack Compatibility
- LOW
- Privileges Required
- HIGH
- User Interaction
- NONE
- Scope
- UNCHANGED
- Confidentiality Impact
- HIGH
- Availability Impact
- NONE
- Base Score
- 4.9
- Base Severity
- MEDIUM
- Exploitability Score
- 1.2
- Impact Score
- 3.6
References
| Reference URL | Reference Tags |
|---|---|
| https://www.gruppotim.it/it/footer/red-team.html | |
| https://www.ericsson.com |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2021-32570 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32570 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-08-26 01:00:07 | Added to TrackCVE |