CVE-2022-39820 Information

Description

In Network Element Manager in NOKIA NFM-T R19.9 an Unprotected Storage of Credentials vulnerability occurs under /root/RestUploadManager.xml.DRC and /DEPOT/KECustom_199/OTNE_DRC/RestUploadManager.xml. A remote user authenticated to the operating system with access privileges to the directory /root or /DEPOT is able to read cleartext credentials to access the web portal NFM-T and control all the PPS Network elements.

Reference

https://www.gruppotim.it/it/footer/red-team.html