CVE-2023-39909

8.8 HIGH

📋 TL;DR

CVE-2023-39909 is an access control vulnerability in Ericsson Network Manager that allows unauthenticated low-privilege users to access the NCM (Network Configuration Manager) application. This affects Ericsson Network Manager installations before version 23.2, potentially exposing network management functionality to unauthorized users.

💻 Affected Systems

Products:
  • Ericsson Network Manager
Versions: All versions before 23.2
Operating Systems: Not specified, likely various Linux distributions
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects the NCM (Network Configuration Manager) application component within Ericsson Network Manager.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain administrative control over network devices, modify configurations, disrupt network operations, or exfiltrate sensitive network data.

🟠 Likely Case

Unauthorized users access network configuration data, view sensitive information, or make unauthorized configuration changes to network devices.

🟢 If Mitigated

Limited exposure with proper network segmentation and access controls preventing exploitation attempts.

🌐 Internet-Facing: HIGH - If the Network Manager interface is exposed to the internet, attackers can directly exploit this without authentication.
🏢 Internal Only: HIGH - Even internally, unauthenticated low-privilege users can access sensitive network management functions.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability description suggests straightforward exploitation by unauthenticated users accessing the NCM application.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 23.2 or later

Vendor Advisory: https://www.gruppotim.it/it/footer/red-team.html

Restart Required: Yes

Instructions:

1. Upgrade Ericsson Network Manager to version 23.2 or later.
2. Follow Ericsson's upgrade documentation.
3. Restart the Network Manager services.
4. Verify the NCM application access controls are properly enforced.

🔧 Temporary Workarounds

Network Segmentation

Isolate the Ericsson Network Manager from untrusted networks and restrict access to authorized users only.

Access Control Lists

Implement strict firewall rules to limit access to the Network Manager interface.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate the Network Manager from all untrusted networks
  • Deploy additional authentication layers (VPN, reverse proxy with authentication) in front of the Network Manager interface

🔍 How to Verify

Check if Vulnerable:

Check the Ericsson Network Manager version. If it's below 23.2, the system is vulnerable.

Check Version:

Check through Ericsson Network Manager web interface or administrative console for version information.

Verify Fix Applied:

After upgrading to 23.2 or later, verify that unauthenticated users cannot access the NCM application.

📡 Detection & Monitoring

Log Indicators:

  • Unauthenticated access attempts to NCM application
  • Access from unauthorized user accounts to network management functions

Network Indicators:

  • Unusual traffic patterns to Network Manager NCM endpoints
  • Access from unexpected IP addresses to management interfaces

SIEM Query (generic template; adapt the source and field names to your own log schema):

source="network_manager" AND (event="unauthorized_access" OR user="unauthenticated") AND target="ncm_application"
