CVE-2021-32571 - Vulnerability Details - OpenCVE

ReportizFlow

In OSS-RC systems of the release 18B and older during data migration procedures certain files containing usernames and passwords are left in the system undeleted but in folders accessible by top privileged accounts only. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Ericsson Network Manager is a new generation OSS system which OSS-RC customers shall upgrade to

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ericsson	Operations Support System-radio And Core Operations Support System-radio And Core Firmware

Configuration 1 [-]

AND

cpe:2.3:o:ericsson:operations_support_system-radio_and_core_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ericsson:operations_support_system-radio_and_core:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.gruppotim.it/it/innovazione/servizi-digitali/cybersecurity/red-team.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-10-14T17:03:18

Updated: 2024-08-03T23:25:30.340Z

Reserved: 2021-05-11T00:00:00

Link: CVE-2021-32571

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-10-14T18:15:12.697

Modified: 2024-11-21T06:07:17.620

Link: CVE-2021-32571

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "In OSS-RC systems of the release 18B and older during data migration procedures certain files containing usernames and passwords are left in the system undeleted but in folders accessible by top privileged accounts only. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Ericsson Network Manager is a new generation OSS system which OSS-RC customers shall upgrade to"}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-10-14T17:03:17", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.gruppotim.it/it/innovazione/servizi-digitali/cybersecurity/red-team.html"}], "tags": ["unsupported-when-assigned"], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2021-32571", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "** UNSUPPORTED WHEN ASSIGNED ** In OSS-RC systems of the release 18B and older during data migration procedures certain files containing usernames and passwords are left in the system undeleted but in folders accessible by top privileged accounts only. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Ericsson Network Manager is a new generation OSS system which OSS-RC customers shall upgrade to."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.gruppotim.it/it/innovazione/servizi-digitali/cybersecurity/red-team.html", "refsource": "MISC", "url": "https://www.gruppotim.it/it/innovazione/servizi-digitali/cybersecurity/red-team.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T23:25:30.340Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.gruppotim.it/it/innovazione/servizi-digitali/cybersecurity/red-team.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-32571", "datePublished": "2021-10-14T17:03:18", "dateReserved": "2021-05-11T00:00:00", "dateUpdated": "2024-08-03T23:25:30.340Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ericsson:operations_support_system-radio_and_core_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E31C4A7-64AC-4041-9C13-B4B49B1FB761", "versionEndIncluding": "18b", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ericsson:operations_support_system-radio_and_core:-:*:*:*:*:*:*:*", "matchCriteriaId": "334DFFD3-7EC3-4304-8CF1-DF555282200C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [{"sourceIdentifier": "[email protected]", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "In OSS-RC systems of the release 18B and older during data migration procedures certain files containing usernames and passwords are left in the system undeleted but in folders accessible by top privileged accounts only. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Ericsson Network Manager is a new generation OSS system which OSS-RC customers shall upgrade to"}, {"lang": "es", "value": "** NO SOPORTADO CUANDO SE ASIGN\u00d3 ** En los sistemas OSS-RC de la versi\u00f3n 18B y anteriores, durante los procedimientos de migraci\u00f3n de datos, determinados archivos que contienen nombres de usuario y contrase\u00f1as se dejan en el sistema sin borrar, pero en carpetas a las que s\u00f3lo pueden acceder las cuentas con mayores privilegios. NOTA: Esta vulnerabilidad s\u00f3lo afecta a los productos que ya no son soportados por el mantenedor. Ericsson Network Manager es un sistema OSS de nueva generaci\u00f3n al que los clientes de OSS-RC deber\u00e1n actualizarse"}], "id": "CVE-2021-32571", "lastModified": "2024-11-21T06:07:17.620", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2021-10-14T18:15:12.697", "references": [{"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://www.gruppotim.it/it/innovazione/servizi-digitali/cybersecurity/red-team.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.gruppotim.it/it/innovazione/servizi-digitali/cybersecurity/red-team.html"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-459"}], "source": "[email protected]", "type": "Primary"}]}