Vulnerability Description
In OSS-RC systems of the release 18B and older during data migration procedures certain files containing usernames and passwords are left in the system undeleted but in folders accessible by top privileged accounts only. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Ericsson Network Manager is a new generation OSS system which OSS-RC customers shall upgrade to
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ericsson | Operations Support System-Radio And Core Firmware | <= 18b |
| Ericsson | Operations Support System-Radio And Core | - |
Related Weaknesses (CWE)
References
- https://www.gruppotim.it/it/innovazione/servizi-digitali/cybersecurity/red-team.Third Party Advisory
- https://www.gruppotim.it/it/innovazione/servizi-digitali/cybersecurity/red-team.Third Party Advisory
FAQ
What is CVE-2021-32571?
CVE-2021-32571 is a vulnerability with a CVSS score of 4.9 (MEDIUM). In OSS-RC systems of the release 18B and older during data migration procedures certain files containing usernames and passwords are left in the system undeleted but in folders accessible by top privi...
How severe is CVE-2021-32571?
CVE-2021-32571 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-32571?
Check the references section above for vendor advisories and patch information. Affected products include: Ericsson Operations Support System-Radio And Core Firmware, Ericsson Operations Support System-Radio And Core.