CVE-2022-40712 is a reflected Cross-Site Scripting (XSS) vulnerability identified in Nokia 1350OMS R14.2, specifically affecting various endpoints under the /cgi-bin/R14.2* path. Reflected XSS occurs when user-supplied input is immediately returned by a web application without proper sanitization or encoding, allowing attackers to inject malicious scripts that execute in the context of the victim's browser. This vulnerability is classified under CWE-79, which covers improper neutralization of input during web page generation. The CVSS v3.1 base score is 6.1, indicating a medium severity level. The vector string (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) reveals that the attack can be launched remotely over the network without privileges, requires low attack complexity, no privileges, but does require user interaction (such as clicking a crafted link). The scope is changed (S:C), meaning the vulnerability affects resources beyond the vulnerable component. The impact affects confidentiality and integrity to a limited extent but does not affect availability. No patches or known exploits in the wild have been reported as of the publication date. The vulnerability is significant because the Nokia 1350OMS is a network management system used in telecommunications infrastructure, which may be accessible to administrators or operators via web interfaces. Exploiting this XSS could allow attackers to steal session cookies, perform actions on behalf of authenticated users, or deliver further payloads, potentially compromising network management operations.

For European organizations, particularly telecom operators and service providers using Nokia 1350OMS R14.2, this vulnerability poses a risk to the security of their network management systems. Successful exploitation could lead to unauthorized access to management consoles, session hijacking, or manipulation of network configurations. This could degrade the confidentiality and integrity of network operations, potentially leading to service disruptions or data leakage. Given the critical role of telecom infrastructure in Europe’s digital economy and public services, even a medium-severity reflected XSS in such a system can have outsized consequences if chained with other vulnerabilities or social engineering attacks. Additionally, attackers could use this vulnerability as a foothold to escalate privileges or move laterally within the network. The requirement for user interaction limits the attack vector to targeted phishing or social engineering campaigns aimed at network administrators or operators.

1. Implement strict input validation and output encoding on all /cgi-bin/R14.2* endpoints to neutralize malicious scripts. 2. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in the web interface. 3. Educate network administrators and operators about phishing risks and the dangers of clicking untrusted links, especially those related to management consoles. 4. Restrict access to the Nokia 1350OMS web interface to trusted networks and use VPNs or zero-trust network access solutions to limit exposure. 5. Monitor web server logs for suspicious requests targeting /cgi-bin/R14.2* endpoints and implement Web Application Firewall (WAF) rules to detect and block reflected XSS payloads. 6. Engage with Nokia support channels to obtain any available patches or updates addressing this vulnerability and apply them promptly. 7. Regularly audit and review user privileges and session management to minimize the impact of potential session hijacking.