CVE-2022-35503
📋 TL;DR
CVE-2022-35503 is an improper input validation vulnerability in Open Source MANO (OSM) that allows authenticated attackers to execute arbitrary code within the Lifecycle Management (LCM) module container via malicious VNF descriptors. It affects OSM deployments running versions 7 through 12, where attackers could compromise OSM components, steal sensitive data, or pivot to other telecom infrastructure. Organizations using vulnerable OSM versions for network function virtualization orchestration are at risk.
💻 Affected Systems
- Open Source MANO (OSM)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of OSM deployment leading to unauthorized access to telecom operator infrastructure, data exfiltration, service disruption, and lateral movement to other critical systems.
Likely Case
Compromise of the LCM module container allowing execution of arbitrary commands, potential data theft from OSM components, and manipulation of VNF deployments.
If Mitigated
Limited impact due to network segmentation, container isolation, and proper authentication controls preventing exploitation even if vulnerable.
🎯 Exploit Status
Exploitation requires authenticated access and knowledge of VNF descriptor manipulation. The vulnerability is in the input validation of VNF descriptors that get processed by the LCM module.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: OSM Release THIRTEEN and later
Vendor Advisory: https://osm.etsi.org/news-events/blog/83-cve-2022-35503-disclosure
Restart Required: Yes
Instructions:
1. Back up the current OSM deployment and configuration.
2. Upgrade to OSM Release THIRTEEN or later following official upgrade procedures.
3. Restart OSM services to apply the fix.
4. Verify the upgrade was successful and functionality is maintained.
🔧 Temporary Workarounds
Restrict VNF descriptor uploads
Platform: linux
Implement strict validation and sanitization of VNF descriptors before they reach the LCM module
# Implement custom validation scripts for VNF descriptors
# Configure OSM to reject malformed descriptors
Enhance authentication controls
Platform: all
Implement multi-factor authentication and strict access controls for OSM administrative interfaces
# Configure OSM with MFA if supported
# Implement IP whitelisting for administrative access
🧯 If You Can't Patch
- Implement network segmentation to isolate OSM deployment from other critical infrastructure
- Enhance monitoring and logging of LCM module activities and VNF descriptor processing
🔍 How to Verify
Check if Vulnerable:
Check the OSM version using the 'osm version' command and verify whether it is between v7 and v12 inclusive
Check Version:
osm version
Verify Fix Applied:
After upgrade, verify version is THIRTEEN or later using 'osm version' and test VNF descriptor processing functionality
📡 Detection & Monitoring
Log Indicators:
- Unusual VNF descriptor upload patterns
- Unexpected process execution within LCM container
- Authentication attempts followed by descriptor manipulation
Network Indicators:
- Unusual outbound connections from OSM LCM module
- Traffic patterns indicating data exfiltration
SIEM Query:
source="osm-logs" AND (("VNF descriptor" AND ("malformed" OR "unexpected")) OR (process="LCM" AND command="exec"))
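
One way to turn the "Authentication attempts followed by descriptor manipulation" log indicator above into a correlation rule, as an added example that is not part of the original advisory or of OSM: it flags a descriptor change made shortly after repeated failed logins for the same user. The event schema (`ts`, `user`, `src`, `action`), the action names and the thresholds are assumptions for events already normalized by a log pipeline, and the sample lines are constructed.

```python
import json
from datetime import datetime, timedelta

# Constructed sample events in an ASSUMED normalized schema (ts, user, src, action).
# This is not OSM's native log format; map your own fields onto it.
SAMPLE_EVENTS = """\
{"ts": "2022-11-02T08:00:00", "user": "ops2", "src": "10.0.0.7", "action": "auth_failure"}
{"ts": "2022-11-02T08:00:03", "user": "ops2", "src": "10.0.0.7", "action": "auth_failure"}
{"ts": "2022-11-02T08:00:06", "user": "ops2", "src": "10.0.0.7", "action": "auth_failure"}
{"ts": "2022-11-02T09:00:05", "user": "ops1", "src": "10.0.0.5", "action": "auth_success"}
{"ts": "2022-11-02T09:01:00", "user": "ops1", "src": "10.0.0.5", "action": "vnfd_create"}
{"ts": "2022-11-02T09:10:00", "user": "svc-onboard", "src": "10.0.9.44", "action": "auth_failure"}
{"ts": "2022-11-02T09:10:04", "user": "svc-onboard", "src": "10.0.9.44", "action": "auth_failure"}
{"ts": "2022-11-02T09:10:09", "user": "svc-onboard", "src": "10.0.9.44", "action": "auth_failure"}
{"ts": "2022-11-02T09:10:15", "user": "svc-onboard", "src": "10.0.9.44", "action": "auth_success"}
{"ts": "2022-11-02T09:12:30", "user": "svc-onboard", "src": "10.0.9.44", "action": "vnfd_update"}
{"ts": "2022-11-02T09:30:00", "user": "ops2", "src": "10.0.0.7", "action": "vnfd_create"}
"""

# Hypothetical action names for VNF descriptor create/update events.
DESCRIPTOR_ACTIONS = {"vnfd_create", "vnfd_update"}


def flag_auth_then_descriptor(lines, min_failures=3, window=timedelta(minutes=10)):
    """Alert on descriptor changes preceded by >= min_failures failed logins
    for the same user within `window`."""
    events = sorted((json.loads(l) for l in lines if l.strip()), key=lambda e: e["ts"])
    failures = {}  # user -> timestamps of failed logins seen so far
    alerts = []
    for ev in events:
        ts = datetime.fromisoformat(ev["ts"])
        if ev["action"] == "auth_failure":
            failures.setdefault(ev["user"], []).append(ts)
        elif ev["action"] in DESCRIPTOR_ACTIONS:
            # Events are time-ordered, so every stored failure is at or before ts.
            recent = [t for t in failures.get(ev["user"], []) if ts - t <= window]
            if len(recent) >= min_failures:
                alerts.append({"user": ev["user"], "src": ev["src"], "ts": ev["ts"],
                               "action": ev["action"], "failed_logins": len(recent)})
    return alerts


if __name__ == "__main__":
    for alert in flag_auth_then_descriptor(SAMPLE_EVENTS.splitlines()):
        print(json.dumps(alert))
```

On the constructed sample only the `svc-onboard` update is flagged; the `ops2` upload falls outside the ten-minute window and `ops1` has no failed logins.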