CVE-2024-25007 – Ericsson Network Manager (ENM) versions before ... (How to Fix)

Q: What is the severity of CVE-2024-25007?

CVE-2024-25007 has a CVSS score of 7.1 (HIGH). Ericsson Network Manager (ENM) versions before 23.1 have a CSV injection vulnerability in the application log export function. Attackers with administration access on adjacent networks can exploit this to execute code or disclose information. The vulnerability primarily affects integrity and availability is limited.

📋 TL;DR

Ericsson Network Manager (ENM) versions before 23.1 have a CSV injection vulnerability in the application log export function. Attackers with administration access on adjacent networks can exploit this to execute code or disclose information. The vulnerability primarily affects integrity and availability is limited.

💻 Affected Systems

Products:

Ericsson Network Manager (ENM)

Versions: All versions prior to 23.1

Operating Systems: Not specified - likely various

Default Config Vulnerable: ⚠️ Yes

Notes: Requires administration access and adjacent network positioning to exploit.

📦 What is this software?

Network Manager by Ericsson

View all CVEs affecting Network Manager →

⚠️ Risk & Real-World Impact

🔴

Worst Case

An authenticated attacker could execute arbitrary code on the ENM server, potentially gaining full control over the network management system.

🟠

Likely Case

Information disclosure through malicious CSV formulas or limited code execution within the context of the export function.

🟢

If Mitigated

With proper network segmentation and access controls, exploitation would be limited to authorized administrators only.

🌐 Internet-Facing: LOW - The vulnerability requires administration access and adjacent network positioning.

🏢 Internal Only: MEDIUM - Internal administrators with access could exploit this, but requires specific privileges.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires administration access and knowledge of CSV injection techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 23.1

Vendor Advisory: https://www.ericsson.com/en/about-us/security/psirt/security-bulletin--ericsson-network-manager-march-2024

Restart Required: Yes

Instructions:

1. Download ENM version 23.1 from Ericsson support portal. 2. Backup current configuration and data. 3. Install the update following Ericsson's upgrade procedures. 4. Restart the ENM system. 5. Verify functionality post-upgrade.

🔧 Temporary Workarounds

Restrict CSV Export Access

all

Limit access to the application log export function to only essential administrators.

Network Segmentation

all

Isolate ENM systems from general network access and implement strict access controls.

🧯 If You Can't Patch

Implement strict access controls to limit who can access the CSV export function
Monitor for suspicious CSV export activities and review administrator actions

🔍 How to Verify

Check if Vulnerable:

Check ENM version via web interface or command line. Versions below 23.1 are vulnerable.

Check Version:

Check ENM web interface or consult Ericsson documentation for version checking commands specific to your deployment.

Verify Fix Applied:

Verify ENM version is 23.1 or higher and test CSV export functionality.

📡 Detection & Monitoring

Log Indicators:

Unusual CSV export activities
Multiple failed export attempts
Administrator account anomalies

Network Indicators:

Suspicious traffic from ENM systems
Unexpected outbound connections after CSV exports

SIEM Query:

source="ENM" AND (event="CSV_EXPORT" OR event="LOG_EXPORT") AND user="admin*"

📊 Metadata

CVE ID: CVE-2024-25007

CVSS v3 Score: 7.1 (HIGH)

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L

CWE: CWE-1236

Published: April 4, 2024

Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-25007, you might also want to check these: