The exploitation of these vulnerabilities may have affected the security and stable operation of the system
Nokia has fixed five vulnerabilities in Nokia NetAct found by Positive Technologies experts Vladimir Razov and Alexander Ustinov. Nokia NetAct is used by more than 500 communications service providers to monitor and control telecommunication networks, base stations, and other systems. The vendor was notified of the threat as part of standard responsible disclosure and has fixed the vulnerabilities in new versions of the software.
"By exploiting the detected vulnerabilities (performing XXE injection [1] or server-side request forgery (SSRF)), an attacker could potentially advance far enough in the infrastructure to cause significant damage, up to disabling some components. However, it is difficult to say whether this could have had a direct effect on customers," explained Positive Technologies experts who discovered the vulnerabilities.
Two XXE vulnerabilities turned out to be the most severe: CVE-2023-26057 and CVE-2023-26058. Both received a CVSS v3 score of 5.8. These vulnerabilities enabled attackers with authorized access to the application to import XML files on the NetAct web interface pages, while the parser [2] incorrectly processed external entities in these files. By using external entities, attackers can read data from the file system and send requests on behalf of the computer with NetAct installed. Input data was not verified, and XML parsers were configured incorrectly.
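One way to close the class of flaw described above, as an added example that is not code from Nokia or Positive Technologies: an import routine that refuses any uploaded XML containing a DOCTYPE or entity declaration before an entity can be resolved. The function names, the sample documents and the choice of Python's standard `expat` bindings are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat

# Constructed sample uploads (not taken from NetAct).
BENIGN = b'<?xml version="1.0"?><import><item id="1">cell-A</item></import>'
HOSTILE = (b'<?xml version="1.0"?>\n'
           b'<!DOCTYPE import [<!ENTITY ext SYSTEM "file:///constructed/placeholder">]>\n'
           b'<import><item>&ext;</item></import>')


class UnsafeXML(ValueError):
    """Upload uses DTD/entity features or is not well-formed."""


def _reject(kind):
    def handler(*_args):
        raise UnsafeXML(f"{kind} not allowed in imported XML")
    return handler


def parse_import(data: bytes) -> ET.Element:
    """Parse an uploaded XML document, refusing DTDs and all entity declarations."""
    builder = ET.TreeBuilder()
    parser = expat.ParserCreate()
    # Fail closed before any entity can be defined or resolved.
    parser.StartDoctypeDeclHandler = _reject("DOCTYPE declaration")
    parser.EntityDeclHandler = _reject("entity declaration")
    parser.UnparsedEntityDeclHandler = _reject("unparsed entity declaration")
    parser.ExternalEntityRefHandler = _reject("external entity reference")
    # Ordinary content is passed through to build the element tree.
    parser.StartElementHandler = builder.start
    parser.EndElementHandler = builder.end
    parser.CharacterDataHandler = builder.data
    try:
        parser.Parse(data, True)
    except expat.ExpatError as exc:
        raise UnsafeXML(f"malformed XML: {exc}") from exc
    return builder.close()


def verdict(data: bytes) -> str:
    """Return 'accepted' or 'rejected: <reason>' for logging at the upload endpoint."""
    try:
        parse_import(data)
        return "accepted"
    except UnsafeXML as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("hostile", HOSTILE)):
        print(label, "->", verdict(doc))
```

Rejecting the DOCTYPE outright also covers internal entity expansion, and the rejection reason gives the application a log line that detection tooling can alert on.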
Three other vulnerabilities received a score of 5.0. By using them, attackers could perform cross-site scripting (XSS) and exploit insufficient verification of certain data input in the NetAct interface (CVE-2023-26061) or the possibility to load a ZIP file with particular parameters without checking its content (CVE-2023-26059). Another vulnerability, CVE-2023-26060, allowed bad actors to perform Cross-Site Template Injection (CSTI).
The vulnerabilities were detected in NetAct 20 and NetAct 22. Users are advised to install NetAct 22 FP2211, the patched version of the system, or a newer one.
To detect or block attacks that exploit the described vulnerabilities, companies can use web application firewalls, endpoint protection solutions (EDR, XDR), and network traffic analysis (NTA) systems.
[1] Injection of external XML entities; exploitation of a security flaw related to insufficient verification of incoming XML files by the application. Included in OWASP Top 10.
[2] A program that extracts data from a source file and saves or uses it for further actions. All modern browsers have a built-in XML parser.