First published: Tue Apr 25 2023
An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to the Configuration Dashboard page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Nokia NetAct | =20.1 |
The vulnerability ID of this issue is CVE-2023-26057.
The severity of CVE-2023-26057 is medium with a CVSS score of 6.5.
Nokia NetAct version 20.1 is affected by CVE-2023-26057.
CVE-2023-26057 is an XXE issue in Nokia NetAct before 22 FP2211, allowing an attacker to exploit XML parsing vulnerabilities in the Configuration Dashboard page.
Exploiting CVE-2023-26057 requires sending a malicious XML document to the Configuration Dashboard page, taking advantage of missing input validation and improper XML parser configuration.
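The advisory attributes the issue to missing input validation and XML parser configuration. The following is an added example, not Nokia's code and not part of the original advisory: a Python parser wrapper that refuses any document carrying a DOCTYPE or entity declaration before application code sees it. The names `parse_untrusted_xml`, `ForbiddenXML`, `is_accepted` and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET
import xml.parsers.expat


class ForbiddenXML(ValueError):
    """Raised when a document carries a DTD or an entity declaration."""


def parse_untrusted_xml(data: bytes) -> ET.Element:
    """Parse XML into an Element tree, rejecting DTDs and entities."""
    builder = ET.TreeBuilder()
    parser = xml.parsers.expat.ParserCreate()

    def deny_doctype(name, sysid, pubid, has_internal_subset):
        raise ForbiddenXML(f"DOCTYPE declaration not allowed: {name!r}")

    def deny_entity(name, is_param, value, base, sysid, pubid, notation):
        raise ForbiddenXML(f"entity declaration not allowed: {name!r}")

    def deny_external_ref(context, base, sysid, pubid):
        raise ForbiddenXML(f"external entity reference not allowed: {sysid!r}")

    # Validation happens inside the parser: the first DTD construct aborts
    # parsing, so nothing is expanded or fetched.
    parser.StartDoctypeDeclHandler = deny_doctype
    parser.EntityDeclHandler = deny_entity
    parser.ExternalEntityRefHandler = deny_external_ref
    parser.StartElementHandler = builder.start
    parser.EndElementHandler = builder.end
    parser.CharacterDataHandler = builder.data
    parser.Parse(data, True)
    return builder.close()


def is_accepted(data: bytes) -> bool:
    """Return True only for well-formed XML without DTD constructs."""
    try:
        parse_untrusted_xml(data)
        return True
    except (ForbiddenXML, xml.parsers.expat.ExpatError):
        return False


# Constructed sample inputs (not taken from the advisory).
PLAIN_DOC = b"<config><param name='interval'>15</param></config>"
DOCTYPE_DOC = b'<!DOCTYPE config SYSTEM "placeholder.dtd"><config/>'

if __name__ == "__main__":
    print(is_accepted(PLAIN_DOC), is_accepted(DOCTYPE_DOC))
```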