CVE-2024-25007 — HIGH (7.1)

Q: How severe is CVE-2024-25007?

CVE-2024-25007 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-25007?

Check the references section above for vendor advisories and patch information. Affected products include: Ericsson Network Manager.

Vulnerability Description

Ericsson Network Manager (ENM), versions prior to 23.1, contains a vulnerability in the export function of application log where Improper Neutralization of Formula Elements in a CSV File can lead to code execution or information disclosure. There is limited impact to integrity and availability. The attacker on the adjacent network with administration access can exploit the vulnerability.

CVSS Score

7.1

HIGH

CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

HIGH

Availability

LOW

Affected Products

Vendor	Product	Versions
Ericsson	Network Manager	< 23.1

Related Weaknesses (CWE)

CWE-1236

References

https://www.ericsson.com/en/about-us/security/psirt/security-bulletin--ericsson-Vendor Advisory
https://www.ericsson.com/en/about-us/security/psirt/security-bulletin--ericsson-Vendor Advisory

FAQ

What is CVE-2024-25007?

CVE-2024-25007 is a vulnerability with a CVSS score of 7.1 (HIGH). Ericsson Network Manager (ENM), versions prior to 23.1, contains a vulnerability in the export function of application log where Improper Neutralization of Formula Elements in a CSV File can lead to ...

How severe is CVE-2024-25007?

CVE-2024-25007 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-25007?

Check the references section above for vendor advisories and patch information. Affected products include: Ericsson Network Manager.