Vulnerability Description
In Ericsson Mobile Switching Center Server (MSC-S) before IS 3.1 CP22, the SIS web application allows relative path traversal via a specific parameter in the HTTPS request after authentication, which allows access to files on the system that are not intended to be accessible via the web application.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ericsson | Mobile Switching Center Server Bc 18A Firmware | >= is_3.1, < is_3.1_cp22 |
| Ericsson | Mobile Switching Center Server Bc 18A | - |
Related Weaknesses (CWE)
References
- https://www.ericsson.com/en/about-us/security/psirt (Vendor Advisory)
- https://www.gruppotim.it/it/footer/red-team.html (Third Party Advisory)
FAQ
What is CVE-2021-28485?
CVE-2021-28485 is a vulnerability with a CVSS score of 4.3 (MEDIUM). In Ericsson Mobile Switching Center Server (MSC-S) before IS 3.1 CP22, the SIS web application allows relative path traversal via a specific parameter in the HTTPS request after authentication, which ...
How severe is CVE-2021-28485?
CVE-2021-28485 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-28485?
Check the references section above for vendor advisories and patch information. Affected products include: Ericsson Mobile Switching Center Server Bc 18A Firmware, Ericsson Mobile Switching Center Server Bc 18A.