First published: Mon Apr 24 2023
An issue was discovered in Nokia NetAct before 22 SP1037. On the Site Configuration Tool tab, attackers can upload a ZIP file which, when processed, exploits Stored XSS. The upload option of the Site Configuration tool does not validate the file contents. The application is in a demilitarised zone behind a perimeter firewall and without exposure to the internet. The attack can only be performed by an internal user.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Nokia NetAct | =20.1 |
The severity of CVE-2023-26059 is medium with a CVSS score of 5.4.
Nokia NetAct version 20.1 is affected by CVE-2023-26059.
CVE-2023-26059 allows attackers to upload a malicious ZIP file that exploits Stored XSS, potentially leading to unauthorized access or data theft.
To fix CVE-2023-26059, it is recommended to upgrade Nokia NetAct to version 22 SP1037 or a later version that addresses the vulnerability.
For more information about CVE-2023-26059, you can refer to the references provided: https://nokia.com and https://www.ptsecurity.com/ww-en/analytics/threatscape/pt-2022-03/