Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nokia vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2022-31244
Nokia OneNDS 17r2 has Insecure Permissions vulnerability that allows for privilege escalation.
Nokia One-network Directory Server 17r2
6.5
CVSSv3
CVE-2023-26057
An XXE issue exists in Nokia NetAct prior to 22 FP2211 via an XML document to the Configuration Dashboard page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created pa...
Nokia Netact 20.1
6.5
CVSSv3
CVE-2023-26058
An XXE issue exists in Nokia NetAct prior to 22 FP2211 via an XML document to a Performance Manager page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created paramete...
Nokia Netact 20.1
5.4
CVSSv3
CVE-2023-26059
An issue exists in Nokia NetAct prior to 22 SP1037. On the Site Configuration Tool tab, attackers can upload a ZIP file which, when processed, exploits Stored XSS. The upload option of the Site Configuration tool does not validate the file contents. The application is in a demili...
Nokia Netact 20.1
8.8
CVSSv3
CVE-2023-26060
An issue exists in Nokia NetAct prior to 22 FP2211. On the Working Set Manager page, users can create a Working Set with a name that has a client-side template injection payload. Input validation is missing during creation of the working set. For an external attacker, it is very ...
Nokia Netact
5.4
CVSSv3
CVE-2023-26061
An issue exists in Nokia NetAct prior to 22 FP2211. On the Scheduled Search tab under the Alarm Reports Dashboard page, users can create a script to inject XSS. Input validation was missing during creation of a scheduled task. For an external attacker, it is very difficult to exp...
Nokia Netact
7.1
CVSSv3
CVE-2022-2483
The bootloader in the Nokia ASIK AirScale system module (versions 474021A.101 and 474021A.102) loads public keys for firmware verification signature. If an attacker modifies the flash contents to corrupt the keys, secure boot could be permanently disabled on a given device.
Nokia Asik Airscale 474021a.102 Firmware -
Nokia Asik Airscale 474021a.101 Firmware -
7.8
CVSSv3
CVE-2022-2484
The signature check in the Nokia ASIK AirScale system module version 474021A.101 can be bypassed allowing an malicious user to run modified firmware. This could result in the execution of a malicious kernel, arbitrary programs, or modified Nokia programs.
Nokia Asik Airscale 474021a.101 Firmware -
8.8
CVSSv3
CVE-2022-2482
A vulnerability exists in Nokia’s ASIK AirScale system module (versions 474021A.101 and 474021A.102) that could allow an malicious user to place a script on the file system accessible from Linux. A script placed in the appropriate place could allow for arbitrary code execu...
Nokia Asik Airscale 474021a.102 Firmware -
Nokia Asik Airscale 474021a.101 Firmware -
6.5
CVSSv3
CVE-2022-36221
Nokia Fastmile 3tg00118abad52 is affected by an authenticated path traversal vulnerability which allows malicious users to read any named pipe file on the system.
Nokia Fastmile Firmware 3tg00118abad52
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcoded
arbitrary code
CVE-2024-2404
CVE-2024-21111
CVE-2024-28627
CVE-2024-4073
information disclosure
CVE-2024-32780
CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »