CVE-2023-31044
CSV Injection Vulnerability in Nokia Impact Campaign Name Export
Publication date: 2026-03-03
Last updated on: 2026-03-09
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nokia | impact_mobile | From 19.11 (inc) to 23 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2023-31044 is a vulnerability in Nokia Impact (Motive) software version 19.11 and later, where a remote authenticated user can inject malicious payloads into the Campaign Name field using the Add Campaign functionality.
This injected data can then be exported to a CSV file, which may contain formula elements that are not properly neutralized.
When the CSV file is opened in spreadsheet software that automatically executes these formulas, it can lead to command injection or other malicious activities.
How can this vulnerability impact me? :
This vulnerability can allow attackers to execute arbitrary commands on the affected system by injecting malicious formulas into CSV files.
If a user opens the exported CSV file in spreadsheet software that automatically executes formulas, it could lead to data exfiltration or other malicious activities.
The impact is limited by the need for authenticated access and user interaction to open the malicious CSV file.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, ensure that you upgrade Nokia Impact to a version later than Mobile 23_FP1 or Motive software beyond version 19.11 where the issue is fixed.
Additionally, restrict the use of the Add Campaign functionality to trusted users only, as the vulnerability requires remote authenticated access.
Avoid automatically opening or executing exported CSV files in spreadsheet software without proper validation, as the malicious payload can be triggered during such operations.