CVE-2024-25007 HIGH

CVE-2024-25007: Ericsson Network Manager - Improper Neutralization of Formula Elements Vulnerability

Vendor: Ericsson
Product: Ericsson Network Manager
Weakness: CWE-1236
Published: April 4, 2024
Last update: August 1, 2024

CVSS base score

7.1/10
Attack vector: Adjacent
Attack complexity: Low
Privileges required: High
User interaction: Required
Confidentiality: Low
Integrity: High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L

What the vulnerability does

01 Description

Ericsson Network Manager (ENM), versions prior to 23.1, contains a vulnerability in the export function of the application log, where Improper Neutralization of Formula Elements in a CSV File can lead to code execution or information disclosure. There is limited impact to integrity and availability. An attacker on the adjacent network with administration access can exploit the vulnerability.

Key dates

02 Disclosure timeline

April 4, 2024: CVE published
August 1, 2024: Record updated