Vulnerability Description: Unrestricted Upload of File with Dangerous Type - CWE-434
Software Version: NOKIA NetAct 18A
NIST: https://nvd.nist.gov/vuln/detail/CVE-2021-26597
CVSv3: 6.5
Severity: Medium
Credits: Raffaella Robles, Andrea Carlo Maria Dattola, Massimiliano Brolli
An issue was discovered in Nokia NetAct 18A. A remote user, authenticated to the NOKIA NetAct Web Page, can visit the Site Configuration Tool web site section and arbitrarily upload potentially dangerous files without restrictions via the /netact/sct dir parameter in conjunction with the operation=upload value.