
Nokia NetAct

Product
Developers: Nokia Corporation
Last Release Date: 2023/04/19
Branches: Telecommunications and Communications
Technology: EAM, Network Health Monitoring - Network Monitoring or Health-Performance Management IT Infrastructure

Main article: EAM system

2023: Five vulnerabilities fixed

Nokia has fixed five vulnerabilities in the NetAct system that were discovered by Positive Technologies experts Vladimir Razov and Alexander Ustinov. PT announced this on April 19, 2023. The software is used by more than 500 communications providers to monitor and manage telecommunication networks, base stations and other systems. According to RBC data, Nokia accounts for about 20-25% of all installed equipment in Russia; globally, Nokia has a 9% market share. The manufacturer was notified of the threat under a responsible disclosure policy and fixed the vulnerabilities in the latest software version.

"By exploiting the discovered vulnerabilities (performing an XXE injection or server-side request forgery (SSRF)), an attacker could potentially go far enough into the provider's infrastructure to inflict significant damage, up to disabling some components. However, it is difficult to say whether this could have directly affected the provider's clients," said the Positive Technologies experts who found the vulnerabilities.

The most serious were two XXE vulnerabilities (CVE-2023-26057 (BDU:2023-01307) and CVE-2023-26058 (BDU:2023-01306)), both scoring 5.8 on the CVSS v3 scale. They allowed attackers with authorized access to the application to import XML files on pages of the Nokia NetAct web interface, while the parser incorrectly processed external entities contained in the XML file. Through external entities it was possible to read data from the file system and to send requests on behalf of the computer on which NetAct is installed. The problems stemmed from missing input validation and incorrect XML parser configuration.

The three other vulnerabilities were rated 5.0. Using them, attackers could perform cross-site scripting (XSS) by exploiting insufficient validation of certain input in the NetAct interface (CVE-2023-26061 (BDU:2023-01303)), or upload a ZIP file with certain parameters without its contents being checked (CVE-2023-26059 (BDU:2023-01305)). The remaining vulnerability, CVE-2023-26060 (BDU:2023-01304), allowed attackers to inject template expressions (Cross-Site Template Injection, CSTI).

The vulnerabilities were identified in NetAct 20 and NetAct 22. Users are advised to install the fixed version of the system, NetAct 22 FP2211 or newer.

To detect or block attacks that exploit the described vulnerabilities, companies can use a web application firewall (WAF), endpoint protection products (EDR, XDR) and a network traffic analysis (NTA) system.
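The two XXE issues above come down to a parser that honours entity declarations in an imported file, and the last paragraph points at WAF-style blocking as a compensating control. The following added example (not NetAct code, not from Positive Technologies) shows both sides of that in Python's standard library: a pre-parse check that flags DTD and ENTITY markers in an untrusted XML import, which is the kind of rule a WAF or an upload handler would apply, and a SAX parse with external entity resolution switched off so that even an import that slips past the check cannot reach the file system or internal hosts. The sample documents, element names and the `file:///placeholder/path` URI are constructed for the example.

```python
"""Added example: reject DTDs in untrusted XML imports and parse with external
entity resolution disabled. Not NetAct code; all sample data is constructed."""
import io
import re
import xml.sax
from xml.sax import handler

# Markers that an untrusted XML import should never carry. A DOCTYPE is what
# brings entity declarations into a document, and an ENTITY declaration is the
# construct an XXE payload uses to point the parser at a file or a URL.
DTD_MARKERS = {
    "doctype": re.compile(rb"<!DOCTYPE\b", re.IGNORECASE),
    "entity": re.compile(rb"<!ENTITY\b", re.IGNORECASE),
}


def dtd_indicators(xml_bytes: bytes) -> list[str]:
    """Return the names of DTD markers present, for logging or for a block rule."""
    return [name for name, rx in DTD_MARKERS.items() if rx.search(xml_bytes)]


class _TextCollector(handler.ContentHandler):
    """Minimal handler: collects the text content of each element by name."""

    def __init__(self) -> None:
        super().__init__()
        self.texts: dict[str, str] = {}
        self._stack: list[str] = []

    def startElement(self, name, attrs):
        self._stack.append(name)
        self.texts.setdefault(name, "")

    def characters(self, content):
        # SAX may deliver one text node in several chunks; concatenate them.
        if self._stack:
            self.texts[self._stack[-1]] += content

    def endElement(self, name):
        self._stack.pop()


def parse_untrusted_xml(xml_bytes: bytes) -> dict[str, str]:
    """Parse an untrusted XML import defensively.

    1. Refuse any document carrying DTD markers (no legitimate import needs them).
    2. Parse with external general and parameter entities disabled, so the
       parser never fetches files or URLs even if a declaration got through.
    """
    found = dtd_indicators(xml_bytes)
    if found:
        raise ValueError(f"rejected XML import: DTD markers present: {found}")
    parser = xml.sax.make_parser()
    parser.setFeature(handler.feature_external_ges, False)  # no external general entities
    parser.setFeature(handler.feature_external_pes, False)  # no external parameter entities
    collector = _TextCollector()
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(xml_bytes))
    return {k: v.strip() for k, v in collector.texts.items() if v.strip()}


# Constructed samples: a benign import and one carrying an external entity.
BENIGN_IMPORT = (
    b"<?xml version='1.0'?>"
    b"<import><site>constructed-site-01</site><status>ok</status></import>"
)
XXE_IMPORT = (
    b"<?xml version='1.0'?>\n"
    b'<!DOCTYPE import [<!ENTITY ext SYSTEM "file:///placeholder/path">]>\n'
    b"<import><site>&ext;</site></import>"
)

if __name__ == "__main__":
    print("benign ->", parse_untrusted_xml(BENIGN_IMPORT))
    print("xxe markers ->", dtd_indicators(XXE_IMPORT))
    try:
        parse_untrusted_xml(XXE_IMPORT)
    except ValueError as exc:
        print("xxe ->", exc)
```

The pre-check is deliberately blunt: it rejects any DOCTYPE rather than trying to tell harmless declarations from harmful ones, because an import feature has no reason to accept a DTD at all. The parser features are the second layer; on their own they stop the file and URL fetches described in the article but still let an attacker declare entities, so a deployment that cannot refuse DTDs outright should also cap entity expansion or use a library such as defusedxml.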