CVE-2023-25188

Опубликовано: 16 июн. 2023

Источник: nvd

CVSS3: 5.1

CVSS3: 7.8

EPSS Низкий

Описание

An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP (as a BTS administrator) removes security hardenings from the Nokia Single RAN BTS baseband unit, the BTS baseband unit diagnostic tool AaShell (which is by default disabled) allows unauthenticated access from the mobile network solution internal BTS management network to the BTS embedded Linux operating-system level.

Ссылки

https://Nokia.com
Product
https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-25188/
Vendor Advisory
https://Nokia.com
Product
https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-25188/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:nokia:asika_airscale_firmware:19b:*:*:*:*:*:*:*

cpe:2.3:o:nokia:asika_airscale_firmware:20a:*:*:*:*:*:*:*

cpe:2.3:o:nokia:asika_airscale_firmware:20b:*:*:*:*:*:*:*

cpe:2.3:o:nokia:asika_airscale_firmware:20c:*:*:*:*:*:*:*

cpe:2.3:o:nokia:asika_airscale_firmware:21a:*:*:*:*:*:*:*

cpe:2.3:h:nokia:asika_airscale:-:*:*:*:*:*:*:*

EPSS

Процентиль: 8%

0.00031

Низкий

5.1 Medium

CVSS3

7.8 High

CVSS3

Дефекты

CWE-269

CWE-346

Связанные уязвимости

GHSA-2gpj-wh36-7xwf

CVSS3: 5.1

github

больше 2 лет назад

EPSS

Процентиль: 8%

0.00031

Низкий

5.1 Medium

CVSS3

7.8 High

CVSS3

Дефекты

CWE-269

CWE-346