CVE-2023-31044
Received Received - Intake
CSV Injection Vulnerability in Nokia Impact Campaign Name Export

Publication date: 2026-03-03

Last updated on: 2026-03-09

Assigner: MITRE

Description
An issue was discovered in Nokia Impact before Mobile 23_FP1. In Impact DM 19.11 onwards, a remote authenticated user, using the Add Campaign functionality, can inject a malicious payload within the Campaign Name. This data can be exported to a CSV file. Attackers can populate data fields that may attempt data exfiltration or other malicious activity when automatically executed by the spreadsheet software.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-03
Last Modified
2026-03-09
Generated
2026-06-16
AI Q&A
2026-03-03
EPSS Evaluated
2026-06-15
NVD
CVE-2023-31044
EUVD
EUVD-2023-35381
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
nokia impact_mobile From 19.11 (inc) to 23 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2023-31044 is a vulnerability in Nokia Impact (Motive) software version 19.11 and later, where a remote authenticated user can inject malicious payloads into the Campaign Name field using the Add Campaign functionality.

This injected data can then be exported to a CSV file, which may contain formula elements that are not properly neutralized.

When the CSV file is opened in spreadsheet software that automatically executes these formulas, it can lead to command injection or other malicious activities.

Impact Analysis

This vulnerability can allow attackers to execute arbitrary commands on the affected system by injecting malicious formulas into CSV files.

If a user opens the exported CSV file in spreadsheet software that automatically executes formulas, it could lead to data exfiltration or other malicious activities.

The impact is limited by the need for authenticated access and user interaction to open the malicious CSV file.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate this vulnerability, ensure that you upgrade Nokia Impact to a version later than Mobile 23_FP1 or Motive software beyond version 19.11 where the issue is fixed.

Additionally, restrict the use of the Add Campaign functionality to trusted users only, as the vulnerability requires remote authenticated access.

Avoid automatically opening or executing exported CSV files in spreadsheet software without proper validation, as the malicious payload can be triggered during such operations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-31044. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart