CVE-2022-43675 in NFM-Tinfo

Summary

by MITRE • 12/25/2023

An issue was discovered in NOKIA NFM-T R19.9. Reflected XSS in the Network Element Manager exists via /oms1350/pages/otn/cpbLogDisplay via the filename parameter, under /oms1350/pages/otn/connection/E2ERoutingDisplayWithOverLay via the id parameter, and under /oms1350/pages/otn/mainOtn via all parameters.


Analysis

by VulDB Data Team • 01/19/2024

The vulnerability identified as CVE-2022-43675 represents a critical reflected cross-site scripting flaw within the Nokia Network Element Manager NFM-T version R19.9. This weakness resides in the web-based management interface of the network infrastructure software, specifically affecting multiple endpoints under the /oms1350/pages/otn path. The vulnerability allows attackers to inject arbitrary JavaScript into web pages viewed by legitimate users, creating a significant attack surface that could compromise the entire network management system. The flaw manifests through three distinct attack vectors, each targeting different parameters within the affected application modules.

Technically, the vulnerability stems from inadequate input validation and output encoding within the Nokia Network Element Manager's web interface components. When the application processes user-supplied parameters without proper sanitization, it fails to escape special characters that the browser interprets as HTML or JavaScript. The specific parameters affected are filename in the cpbLogDisplay endpoint, id in the E2ERoutingDisplayWithOverLay endpoint, and all parameters in the mainOtn endpoint. This is a classic reflected XSS pattern: payloads are supplied through URL parameters and reflected back to users without context-aware encoding. The vulnerability is classified under CWE-79, which specifically covers cross-site scripting in web applications, and represents a fundamental breakdown in the application's input validation and output encoding.

The operational impact of this vulnerability extends far beyond simple script injection, as it allows an attacker to execute arbitrary script in the browser of an authenticated user. An attacker could exploit this weakness to steal session cookies, perform unauthorized actions on behalf of legitimate users, or redirect victims to malicious sites. Given that this affects the Network Element Manager, which typically handles critical network configuration and monitoring functions, successful exploitation could lead to complete compromise of the network management infrastructure. The attack requires no privileges on the system itself, since it targets the web interface rather than direct system access, although, as with any reflected XSS, a victim must first open a crafted link; this makes the network administrators who routinely use the management console the users most at risk. This vulnerability could enable attackers to gain persistent access to network configuration data, potentially leading to service disruption, data exfiltration, or further lateral movement within the network infrastructure.

Mitigation strategies for CVE-2022-43675 should prioritize prompt application of Nokia's patch, as the vendor has likely released security updates addressing this specific flaw. Organizations should implement input validation at multiple layers, including web application firewalls, API gateways, and application-level defenses, to prevent malicious payloads from reaching the vulnerable endpoints. Network segmentation and access control measures should be strengthened so that the affected management interface is reachable only from trusted networks. Security teams should conduct comprehensive penetration testing to identify any additional vulnerable parameters or endpoints within the broader application ecosystem. Content Security Policy headers and context-aware output encoding should be enforced across all web applications to prevent similar vulnerabilities from emerging in the future. This vulnerability demonstrates the critical importance of maintaining up-to-date security patches and implementing defense-in-depth strategies as outlined in the MITRE ATT&CK framework's web application attack patterns, particularly focusing on the execution and persistence phases of the attack lifecycle.
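The encoding failure and the three affected parameters described above, shown as an added example that is not code from the advisory or from Nokia: a raw-reflection render beside its HTML-encoded fix, and a log check that flags requests sending markup-significant characters to the named parameters. The endpoint table comes from the advisory; the render functions and the access-log lines are constructed for illustration.

```python
import html
import re
from urllib.parse import urlsplit, parse_qsl

# Endpoints and parameters named in the advisory; "*" means every parameter.
AFFECTED = {
    "/oms1350/pages/otn/cpbLogDisplay": {"filename"},
    "/oms1350/pages/otn/connection/E2ERoutingDisplayWithOverLay": {"id"},
    "/oms1350/pages/otn/mainOtn": {"*"},
}
# Characters and tokens that change HTML/JS context when reflected unencoded.
SUSPICIOUS = re.compile(r"[<>\"'`]|javascript:|\bon\w+\s*=", re.IGNORECASE)


def vulnerable_render(param_value: str) -> str:
    """Flawed pattern (hypothetical): the parameter is concatenated raw into markup."""
    return f"<h2>Log file: {param_value}</h2>"


def hardened_render(param_value: str) -> str:
    """Context-aware fix: entity-encode before placing the value in element content."""
    return f"<h2>Log file: {html.escape(param_value, quote=True)}</h2>"


def flag_request(url: str):
    """Return (path, param, decoded_value) when an affected parameter carries
    markup-like data, else None. parse_qsl percent-decodes the values for us."""
    parts = urlsplit(url)
    watched = AFFECTED.get(parts.path)
    if watched is None:
        return None
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if ("*" in watched or name in watched) and SUSPICIOUS.search(value):
            return (parts.path, name, value)
    return None


# Constructed sample access-log request lines (not real traffic).
SAMPLE_LOG = [
    "GET /oms1350/pages/otn/cpbLogDisplay?filename=otn_2023.log HTTP/1.1",
    "GET /oms1350/pages/otn/cpbLogDisplay?filename=%3Cb%3E HTTP/1.1",
    "GET /oms1350/pages/otn/mainOtn?foo=x&view=%27x HTTP/1.1",
    "GET /oms1350/pages/otn/connection/E2ERoutingDisplayWithOverLay?id=42 HTTP/1.1",
    "GET /oms1350/pages/other?filename=%3Cb%3E HTTP/1.1",
]


def scan_log(lines):
    """Collect a flag for every log line whose request URL hits an affected parameter."""
    hits = []
    for line in lines:
        hit = flag_request(line.split(" ")[1])
        if hit:
            hits.append(hit)
    return hits
```

Only the two lines that send markup characters to a watched parameter are flagged; the request to an unlisted path is ignored even though it carries the same value.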

Reservation

10/24/2022

Disclosure

12/25/2023

Moderation

accepted

CPE

ready

EPSS

0.00098

KEV

no

Activities

very low

Sources
