First published: Tue Apr 25 2023
An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to a Performance Manager page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Nokia NetAct | =20.1 |
CVE-2023-26058 is a vulnerability in Nokia NetAct before 22 FP2211 that allows for an XML External Entity (XXE) attack via an XML document to a Performance Manager page.
CVE-2023-26058 has a severity rating of medium with a score of 6.5.
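CVE-2023-26058 stems from missing input validation and the lack of a proper XML parser configuration. For an external attacker, it is very difficult to exploit, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed.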
CVE-2023-26058 affects Nokia NetAct version 20.1.
To fix CVE-2023-26058, it is recommended to upgrade to Nokia NetAct 22 FP2211 or a later version.