Vendor
Nokia
Vulnerable software
NetAct v 20.1
Severity level
Severity level: Medium
Impact: Stored Cross-Site Scripting (XSS)
Access Vector: Remote
CVSS v3.1
Base Score: 5,0
Vector: (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N/MAV:L/MAC:H/MPR:L/MUI:R/MS:C/MC:L/MI:L/MA:L)
CVE-2023-26059
Vulnerability description:
Since the Site Configuration tool has an upload option, it doesn’t validate the file contents. An attacker can upload a Zip file which, when processed, exploits Stored XSS. The attack can only be performed by an internal user. NetAct 22 SP1037 is already delivered on top of NetAct 22 FP2208, SP package would be delivered on request for other releases.
Advisory status
10.10.2022 - Vendor gets vulnerability details
Credits
The vulnerability was detected by Vladimir Razov and Aleksandr Ustinov (Positive Technologies)
Get in touch
will contact you shortly