CVE-2022-41760 in NFM-T
Summary
by MITRE • 12/25/2023
An issue was discovered in NOKIA NFM-T R19.9. Relative Path Traversal can occur under /oms1350/data/cpb/log of the Network Element Manager via the filename parameter, allowing a remote authenticated attacker to read arbitrary files.
Analysis
by VulDB Data Team • 01/18/2024
The vulnerability CVE-2022-41760 represents a critical relative path traversal flaw in Nokia's Network Element Manager NFM-T version R19.9. This security weakness exists within the /oms1350/data/cpb/log endpoint of the web application interface, where the filename parameter fails to properly validate or sanitize user input. The vulnerability allows authenticated attackers to manipulate the filename parameter to access files outside the intended directory structure, potentially enabling unauthorized data access and information disclosure.
This flaw falls under the CWE-22 category of Path Traversal vulnerabilities, specifically manifesting as a relative path traversal attack. The vulnerability operates by exploiting insufficient input validation mechanisms that should normally prevent directory traversal sequences such as "../" or "..\" from being processed. When an attacker submits malicious input through the filename parameter, the application processes these sequences without proper sanitization, allowing access to arbitrary files on the server filesystem. The vulnerability is particularly concerning because it requires only authentication, meaning that attackers who have obtained valid credentials can exploit this weakness without requiring additional privileges.
The operational impact of this vulnerability extends beyond simple file disclosure. Attackers can potentially access sensitive configuration files, log files containing authentication credentials, system information, and other confidential data stored within the application's directory structure. This could lead to complete system compromise, especially if the application runs with elevated privileges or if the accessed files contain sensitive information such as database connection strings, encryption keys, or administrative credentials. The vulnerability affects the Network Element Manager's data collection and logging functionality, which typically handles critical operational data from network elements, making it a prime target for attackers seeking to gather intelligence about network infrastructure.
From a threat modeling perspective, this vulnerability aligns with ATT&CK technique T1074.001 for data staging and T1566.001 for credential access through valid accounts. The attack chain typically begins with an authenticated attacker who can leverage this vulnerability to escalate their access and gather information about the network infrastructure. The vulnerability is particularly dangerous in enterprise environments where network management systems contain sensitive operational data and administrative credentials. Organizations using Nokia NFM-T R19.9 should consider immediate remediation through patching or implementing compensating controls such as input validation, directory traversal prevention mechanisms, and network segmentation to limit the impact of potential exploitation. The vulnerability demonstrates the critical importance of proper input validation and secure coding practices in web applications, particularly in management interfaces that handle sensitive operational data.
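As a compensating control while patching is pending, requests to the affected endpoint can be screened for traversal in the filename parameter. The following is an added example, not code from Nokia, MITRE or VulDB. It assumes the parameter appears in the query string of a combined-format access log; the log format, function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

ENDPOINT = "/oms1350/data/cpb/log"  # path named in the advisory
PARAM = "filename"                  # parameter named in the advisory
# Assumption: combined-format access log with the request line in quotes.
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=5):
    """Undo repeated percent-encoding (%252e -> %2e -> '.')."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if the value can escape the directory it should be relative to."""
    path = fully_decode(value).replace("\\", "/")
    if path.startswith("/") or re.match(r"[A-Za-z]:", path):
        return True                     # absolute path
    return ".." in path.split("/")      # parent-directory segment

def suspicious_requests(lines):
    """Return (line number, decoded filename) for each flagged request."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not fully_decode(url.path).startswith(ENDPOINT):
            continue
        for key, val in parse_qsl(url.query, keep_blank_values=True):
            if key == PARAM and is_traversal(val):
                hits.append((n, fully_decode(val)))
    return hits

# Constructed sample lines, not real NFM-T logs.
SAMPLE_LOG = [
    '10.0.0.5 - op1 [18/Jan/2024:10:00:01 +0000] "GET /oms1350/data/cpb/log?filename=ne_sync.log HTTP/1.1" 200 5120',
    '10.0.0.9 - op2 [18/Jan/2024:10:02:13 +0000] "GET /oms1350/data/cpb/log?filename=../../../etc/hostname HTTP/1.1" 200 18',
    '10.0.0.9 - op2 [18/Jan/2024:10:02:40 +0000] "GET /oms1350/data/cpb/log?filename=%252e%252e%252fconf%252fapp.cfg HTTP/1.1" 200 911',
    '10.0.0.7 - op3 [18/Jan/2024:10:05:00 +0000] "GET /oms1350/ui/status?filename=../x HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for n, name in suspicious_requests(SAMPLE_LOG):
        print(f"line {n}: traversal in {PARAM}={name!r}")
```

The same `is_traversal` check goes slightly beyond the relative case in the advisory by also flagging absolute paths and backslash separators, and it decodes repeatedly so double-encoded sequences are not missed.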