The default configuration in ETSI Open-Source MANO (OSM) v.14.x, v.15.x, v.16.x, v.17.x does not impose any restrictions on the authentication attempts performed by the default admin user, allowing a remote attacker to escalate privileges.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.