Search criteria
15 vulnerabilities
CVE-2023-49565 (GCVE-0-2023-49565)
Vulnerability from cvelistv5 – Published: 2025-09-18 06:11 – Updated: 2025-09-18 17:56
VLAI?
Summary
The cbis_manager Podman container is vulnerable to remote command execution via the /api/plugins endpoint. Improper sanitization of the HTTP Headers X-FILENAME, X-PAGE, and X-FIELD allows for command injection. These headers are directly utilized within the subprocess.Popen Python function without adequate validation, enabling a remote attacker to execute arbitrary commands on the underlying system by crafting malicious header values within an HTTP request to the affected endpoint.
The web service executes with root privileges within the container environment, the demonstrated remote code execution permits an attacker to acquire elevated privileges for the command execution.
Restricting access to the management network with an external firewall can partially mitigate this risk.
Severity ?
8.4 (High)
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-49565",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-18T17:56:06.818678Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-18T17:56:10.960Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CBIS,NCS",
"vendor": "Nokia",
"versions": [
{
"status": "affected",
"version": "CBIS 22, NCS 22.12, NCS 23.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The cbis_manager Podman container is vulnerable to remote command execution via the /api/plugins endpoint. Improper sanitization of the HTTP Headers X-FILENAME, X-PAGE, and X-FIELD allows for command injection. These headers are directly utilized within the subprocess.Popen Python function without adequate validation, enabling a remote attacker to execute arbitrary commands on the underlying system by crafting malicious header values within an HTTP request to the affected endpoint.\nThe web service executes with root privileges within the container environment, the demonstrated remote code execution permits an attacker to acquire elevated privileges for the command execution.\nRestricting access to the management network with an external firewall can partially mitigate this risk."
}
],
"providerMetadata": {
"dateUpdated": "2025-09-18T06:11:53.618Z",
"orgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"shortName": "Nokia"
},
"references": [
{
"url": "https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/CVE-2023-49565/"
}
],
"title": "Remote Code Execution",
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"assignerShortName": "Nokia",
"cveId": "CVE-2023-49565",
"datePublished": "2025-09-18T06:11:53.618Z",
"dateReserved": "2023-11-27T09:09:46.615Z",
"dateUpdated": "2025-09-18T17:56:10.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49564 (GCVE-0-2023-49564)
Vulnerability from cvelistv5 – Published: 2025-09-18 06:10 – Updated: 2025-09-18 18:01
VLAI?
Summary
The CBIS/NCS Manager API is vulnerable to an authentication bypass. By sending a specially crafted HTTP header, an unauthenticated user can gain unauthorized access to API functions. This flaw allows attackers to reach restricted or sensitive endpoints of the HTTP API without providing any valid credentials. The root cause of this vulnerability lies in a weak verification mechanism within the authentication implementation present in the Nginx Podman container on the CBIS/NCS Manager host machine.
The risk can be partially mitigated by restricting access to the management network using external firewall.
Severity ?
8.8 (High)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-49564",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-18T18:00:56.831578Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-18T18:01:12.717Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CBIS,NCS",
"vendor": "Nokia",
"versions": [
{
"status": "affected",
"version": "CBIS 22, NCS 22.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The CBIS/NCS Manager API is vulnerable to an authentication bypass. By sending a specially crafted HTTP header, an unauthenticated user can gain unauthorized access to API functions. This flaw allows attackers to reach restricted or sensitive endpoints of the HTTP API without providing any valid credentials. The root cause of this vulnerability lies in a weak verification mechanism within the authentication implementation present in the Nginx Podman container on the CBIS/NCS Manager host machine.\nThe risk can be partially mitigated by restricting access to the management network using external firewall."
}
],
"providerMetadata": {
"dateUpdated": "2025-09-18T06:10:27.787Z",
"orgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"shortName": "Nokia"
},
"references": [
{
"url": "https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/CVE-2023-49564/"
}
],
"title": "Authentication Bypass",
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"assignerShortName": "Nokia",
"cveId": "CVE-2023-49564",
"datePublished": "2025-09-18T06:10:27.787Z",
"dateReserved": "2023-11-27T09:09:46.615Z",
"dateUpdated": "2025-09-18T18:01:12.717Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24938 (GCVE-0-2025-24938)
Vulnerability from cvelistv5 – Published: 2025-07-21 06:33 – Updated: 2025-07-23 18:39
VLAI?
Summary
The web application allows user input to pass unfiltered to a command executed on the underlying operating system. An attacker with high privileged access (administrator) to the application has the potential execute commands on the operating system under the context of the webserver.
The vulnerable component is bound to the network stack and the set of possible attackers extends up to and including the entire Internet. Has the potential to inject command while creating a new User from User Management.
Severity ?
8.4 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Nokia | WaveSuite NOC |
Affected:
WS-NOC 24.6, WS-NOC 23.6 and WS-NOC 23.12
Unaffected: WS-NOC 24.6 FP3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-24938",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-23T18:34:24.206505Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T18:39:08.345Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WaveSuite NOC",
"vendor": "Nokia",
"versions": [
{
"status": "affected",
"version": "WS-NOC 24.6, WS-NOC 23.6 and WS-NOC 23.12"
},
{
"status": "unaffected",
"version": "WS-NOC 24.6 FP3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The web application allows user input to pass unfiltered to a command executed on the underlying operating system. An attacker with high privileged access (administrator) to the application has the potential execute commands on the operating system under the context of the webserver.\n\nThe vulnerable component is bound to the network stack and the set of possible attackers extends up to and including the entire Internet. Has the potential to inject command while creating a new User from User Management."
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T06:33:56.306Z",
"orgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"shortName": "Nokia"
},
"references": [
{
"name": "Nokia Product Security Advisory",
"url": "https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2025-24938/"
}
],
"title": "Insufficient Validation of Input while user creation",
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"assignerShortName": "Nokia",
"cveId": "CVE-2025-24938",
"datePublished": "2025-07-21T06:33:56.306Z",
"dateReserved": "2025-01-29T07:19:18.312Z",
"dateUpdated": "2025-07-23T18:39:08.345Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24937 (GCVE-0-2025-24937)
Vulnerability from cvelistv5 – Published: 2025-07-21 06:31 – Updated: 2025-07-23 18:43
VLAI?
Summary
File contents could be read from the local file system by an attacker. Additionally, malicious code could be inserted in the file, leading to a full compromise of the web application and the container it is running on.
The vulnerable component is bound to the network stack and the set of possible attackers extends up to and including the entire Internet. The web application allows arbitrary files to be included in a file that was downloadable and executable by the web server.
Severity ?
9 (Critical)
CWE
- CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Nokia | WaveSuite NOC |
Affected:
WS-NOC 24.6, WS-NOC 23.6 and WS-NOC 23.12
Unaffected: WS-NOC 24.6 FP3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-24937",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-23T18:43:08.726575Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-98",
"description": "CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T18:43:23.466Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WaveSuite NOC",
"vendor": "Nokia",
"versions": [
{
"status": "affected",
"version": "WS-NOC 24.6, WS-NOC 23.6 and WS-NOC 23.12"
},
{
"status": "unaffected",
"version": "WS-NOC 24.6 FP3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "File contents could be read from the local file system by an attacker. Additionally, malicious code could be inserted in the file, leading to a full compromise of the web application and the container it is running on.\n\nThe vulnerable component is bound to the network stack and the set of possible attackers extends up to and including the entire Internet. The web application allows arbitrary files to be included in a file that was downloadable and executable by the web server."
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T06:31:24.062Z",
"orgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"shortName": "Nokia"
},
"references": [
{
"name": "Nokia Product Security Advisory",
"url": "https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2025-24937/"
}
],
"title": "Access to local file system and its content",
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"assignerShortName": "Nokia",
"cveId": "CVE-2025-24937",
"datePublished": "2025-07-21T06:31:24.062Z",
"dateReserved": "2025-01-29T07:19:18.312Z",
"dateUpdated": "2025-07-23T18:43:23.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24936 (GCVE-0-2025-24936)
Vulnerability from cvelistv5 – Published: 2025-07-21 06:27 – Updated: 2025-07-23 18:45
VLAI?
Summary
The web application allows user input to pass unfiltered to a command executed on the underlying operating system. The vulnerable component is bound to the network stack and the set of possible attackers extends up to and including the entire Internet.
An attacker with low privileged access to the application has the potential to execute commands on the operating system under the context of the webserver.
Severity ?
9 (Critical)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Nokia | WaveSuite NOC |
Affected:
WS-NOC 24.6, WS-NOC 23.6 and WS-NOC 23.12
Unaffected: WS-NOC 24.6 FP3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-24936",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-23T18:45:19.086277Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T18:45:22.589Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WaveSuite NOC",
"vendor": "Nokia",
"versions": [
{
"status": "affected",
"version": "WS-NOC 24.6, WS-NOC 23.6 and WS-NOC 23.12"
},
{
"status": "unaffected",
"version": "WS-NOC 24.6 FP3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The web application allows user input to pass unfiltered to a command executed on the underlying operating system. The vulnerable component is bound to the network stack and the set of possible attackers extends up to and including the entire Internet.\n\nAn attacker with low privileged access to the application has the potential to execute commands on the operating system under the context of the webserver."
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T06:27:46.093Z",
"orgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"shortName": "Nokia"
},
"references": [
{
"name": "Nokia Security Advisory",
"url": "https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2025-24936/"
}
],
"title": "Insufficient Validation of Input in the URL",
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"assignerShortName": "Nokia",
"cveId": "CVE-2025-24936",
"datePublished": "2025-07-21T06:27:46.093Z",
"dateReserved": "2025-01-29T07:19:18.312Z",
"dateUpdated": "2025-07-23T18:45:22.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24335 (GCVE-0-2025-24335)
Vulnerability from cvelistv5 – Published: 2025-07-02 08:35 – Updated: 2025-07-02 13:26
VLAI?
Summary
Nokia Single RAN baseband software versions earlier than 24R1-SR 2.1 MP contain a SOAP message input validation flaw, which in theory could potentially be used for causing resource exhaustion in the Single RAN baseband OAM service.
No practical exploit has been detected for this flaw. However, the issue has been corrected starting from release 24R1-SR 2.1 MP by adding sufficient input validation for received SOAP requests, effectively mitigating the reported issue.
Severity ?
CWE
- CWE-1287 - Improper Validation of Specified Type of Input
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Nokia | Nokia Single RAN |
Affected:
All the releases prior to 24R1-SR 2.1 MP
Unaffected: 24R1-SR 2.1 MP and later |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 2,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-24335",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-02T13:26:34.467642Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1287",
"description": "CWE-1287 Improper Validation of Specified Type of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-02T13:26:40.283Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Nokia Single RAN",
"vendor": "Nokia",
"versions": [
{
"status": "affected",
"version": "All the releases prior to 24R1-SR 2.1 MP"
},
{
"status": "unaffected",
"version": "24R1-SR 2.1 MP and later"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nokia Single RAN baseband software versions earlier than 24R1-SR 2.1 MP contain a SOAP message input validation flaw, which in theory could potentially be used for causing resource exhaustion in the Single RAN baseband OAM service.\n\nNo practical exploit has been detected for this flaw. However, the issue has been corrected starting from release 24R1-SR 2.1 MP by adding sufficient input validation for received SOAP requests, effectively mitigating the reported issue."
}
],
"providerMetadata": {
"dateUpdated": "2025-07-02T08:35:46.346Z",
"orgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"shortName": "Nokia"
},
"references": [
{
"name": "Nokia Security Advisory",
"url": "https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2025-24335/"
}
],
"title": "SOAP message input validation fault could in theory cause OAM service resource exhaustion",
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"assignerShortName": "Nokia",
"cveId": "CVE-2025-24335",
"datePublished": "2025-07-02T08:35:46.346Z",
"dateReserved": "2025-01-20T05:33:25.524Z",
"dateUpdated": "2025-07-02T13:26:40.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24334 (GCVE-0-2025-24334)
Vulnerability from cvelistv5 – Published: 2025-07-02 08:34 – Updated: 2025-07-02 14:11
VLAI?
Summary
The Nokia Single RAN baseband software earlier than 23R2-SR 1.0 MP can be made to reveal the exact software release version by sending a specific HTTP POST request through the Mobile Network Operator (MNO) internal RAN management network.
Severity ?
CWE
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Nokia | Nokia Single RAN |
Affected:
All the releases prior to 23R2-SR 1.0 MP
Unaffected: 23R2-SR 1.0 MP and later |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-24334",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-02T14:11:03.638672Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-02T14:11:07.140Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Nokia Single RAN",
"vendor": "Nokia",
"versions": [
{
"status": "affected",
"version": "All the releases prior to 23R2-SR 1.0 MP"
},
{
"status": "unaffected",
"version": "23R2-SR 1.0 MP and later"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Nokia Single RAN baseband software earlier than 23R2-SR 1.0 MP can be made to reveal the exact software release version by sending a specific HTTP POST request through the Mobile Network Operator (MNO) internal RAN management network."
}
],
"providerMetadata": {
"dateUpdated": "2025-07-02T08:34:12.062Z",
"orgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"shortName": "Nokia"
},
"references": [
{
"name": "Nokia Security Advisory",
"url": "https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2025-24334/"
}
],
"title": "The Nokia Single RAN baseband reveals its software version through the MNO internal RAN management network",
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"assignerShortName": "Nokia",
"cveId": "CVE-2025-24334",
"datePublished": "2025-07-02T08:34:12.062Z",
"dateReserved": "2025-01-20T05:33:25.524Z",
"dateUpdated": "2025-07-02T14:11:07.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24333 (GCVE-0-2025-24333)
Vulnerability from cvelistv5 – Published: 2025-07-02 08:32 – Updated: 2025-07-02 14:13
VLAI?
Summary
Nokia Single RAN baseband software earlier than 24R1-SR 1.0 MP contains administrative shell input validation fault, which authenticated admin user can, in theory, potentially use for injecting arbitrary commands for unprivileged baseband OAM service process execution via special characters added to baseband internal COMA_config.xml file.
This issue has been corrected starting from release 24R1-SR 1.0 MP and later, by adding proper input validation to OAM service process which prevents injecting special characters via baseband internal COMA_config.xml file.
Severity ?
6.4 (Medium)
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Nokia | Nokia Single RAN |
Affected:
All the releases prior to 24R1-SR 1.0 MP
Unaffected: 24R1-SR 1.0 MP and later |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-24333",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-02T14:13:27.212792Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-02T14:13:31.539Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Nokia Single RAN",
"vendor": "Nokia",
"versions": [
{
"status": "affected",
"version": "All the releases prior to 24R1-SR 1.0 MP"
},
{
"status": "unaffected",
"version": "24R1-SR 1.0 MP and later"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nokia Single RAN baseband software earlier than 24R1-SR 1.0 MP contains administrative shell input validation fault, which authenticated admin user can, in theory, potentially use for injecting arbitrary commands for unprivileged baseband OAM service process execution via special characters added to baseband internal COMA_config.xml file.\n\nThis issue has been corrected starting from release 24R1-SR 1.0 MP and later, by adding proper input validation to OAM service process which prevents injecting special characters via baseband internal COMA_config.xml file."
}
],
"providerMetadata": {
"dateUpdated": "2025-07-02T08:32:57.271Z",
"orgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"shortName": "Nokia"
},
"references": [
{
"name": "Nokia Security Advisory",
"url": "https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2025-24333/"
}
],
"title": "Administrative user shell input validation fault",
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"assignerShortName": "Nokia",
"cveId": "CVE-2025-24333",
"datePublished": "2025-07-02T08:32:57.271Z",
"dateReserved": "2025-01-20T05:33:25.524Z",
"dateUpdated": "2025-07-02T14:13:31.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24332 (GCVE-0-2025-24332)
Vulnerability from cvelistv5 – Published: 2025-07-02 08:31 – Updated: 2025-07-02 14:26
VLAI?
Summary
Nokia Single RAN AirScale baseband allows an authenticated administrative user access to all physical boards after performing a single login to the baseband system board. The baseband does not re-authenticate the user when they connect from the baseband system board to the baseband capacity boards using the internal bsoc SSH service, which is available only internally within the baseband and through the internal backplane between the boards. The bsoc SSH allows login from one board to another via the baseband internal backplane using an SSH private key present on the baseband system board.
This bsoc SSH capability was previously considered an administrative functionality but has now been restricted to be available only to baseband root-privileged administrators. This restriction mitigates the possibility of misuse with lower-level privileges (e.g., from baseband software images). This mitigation is included starting from release 23R4-SR 3.0 MP and later
Severity ?
7.1 (High)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Nokia | Nokia Single RAN AirScale (Flexi Multiradio is not affected) |
Affected:
All the releases prior to 23R4-SR 3.0 MP
Unaffected: 23R4-SR 3.0 MP and later |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-24332",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-02T14:26:05.156194Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-02T14:26:54.520Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Nokia Single RAN AirScale (Flexi Multiradio is not affected)",
"vendor": "Nokia",
"versions": [
{
"status": "affected",
"version": "All the releases prior to 23R4-SR 3.0 MP"
},
{
"status": "unaffected",
"version": "23R4-SR 3.0 MP and later"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nokia Single RAN AirScale baseband allows an authenticated administrative user access to all physical boards after performing a single login to the baseband system board. The baseband does not re-authenticate the user when they connect from the baseband system board to the baseband capacity boards using the internal bsoc SSH service, which is available only internally within the baseband and through the internal backplane between the boards. The bsoc SSH allows login from one board to another via the baseband internal backplane using an SSH private key present on the baseband system board.\n\nThis bsoc SSH capability was previously considered an administrative functionality but has now been restricted to be available only to baseband root-privileged administrators. This restriction mitigates the possibility of misuse with lower-level privileges (e.g., from baseband software images). This mitigation is included starting from release 23R4-SR 3.0 MP and later"
}
],
"providerMetadata": {
"dateUpdated": "2025-07-02T08:31:38.820Z",
"orgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"shortName": "Nokia"
},
"references": [
{
"name": "Nokia Security Advisory",
"url": "https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2025-24332/"
}
],
"title": "Authenticated admin user can connect baseband internally from one board to another without needing to re-authentication",
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"assignerShortName": "Nokia",
"cveId": "CVE-2025-24332",
"datePublished": "2025-07-02T08:31:38.820Z",
"dateReserved": "2025-01-20T05:33:25.524Z",
"dateUpdated": "2025-07-02T14:26:54.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24331 (GCVE-0-2025-24331)
Vulnerability from cvelistv5 – Published: 2025-07-02 08:30 – Updated: 2025-07-02 14:36
VLAI?
Summary
The Single RAN baseband OAM service is intended to run as an unprivileged service. However, it initially starts with root privileges and assigns certain capabilities before dropping to an unprivileged level. The capabilities retained from the root period are considered extensive after the privilege drop and, in theory, could potentially allow actions beyond the intended scope of the OAM service. These actions could include gaining root privileges, accessing root-owned files, modifying them as the file owner, and then returning them to root ownership. This issue has been corrected starting from release 24R1-SR 0.2 MP and later.
Beginning with release 24R1-SR 0.2 MP, the OAM service software capabilities are restricted to the minimum necessary.
Severity ?
6.4 (Medium)
CWE
- CWE-250 - Execution with Unnecessary Privileges
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Nokia | Nokia Single RAN |
Affected:
All the releases prior to 24R1-SR 0.2 MP
Unaffected: 24R1-SR 0.2 MP and later |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-24331",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-02T14:36:27.881891Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250 Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-02T14:36:32.449Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Nokia Single RAN",
"vendor": "Nokia",
"versions": [
{
"status": "affected",
"version": "All the releases prior to 24R1-SR 0.2 MP"
},
{
"status": "unaffected",
"version": "24R1-SR 0.2 MP and later"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Single RAN baseband OAM service is intended to run as an unprivileged service. However, it initially starts with root privileges and assigns certain capabilities before dropping to an unprivileged level. The capabilities retained from the root period are considered extensive after the privilege drop and, in theory, could potentially allow actions beyond the intended scope of the OAM service. These actions could include gaining root privileges, accessing root-owned files, modifying them as the file owner, and then returning them to root ownership. This issue has been corrected starting from release 24R1-SR 0.2 MP and later.\n\nBeginning with release 24R1-SR 0.2 MP, the OAM service software capabilities are restricted to the minimum necessary."
}
],
"providerMetadata": {
"dateUpdated": "2025-07-02T08:30:19.565Z",
"orgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"shortName": "Nokia"
},
"references": [
{
"name": "Nokia Security Advisory",
"url": "https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2025-24331/"
}
],
"title": "Nokia Single RAN baseband OAM service extensive capabilities",
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"assignerShortName": "Nokia",
"cveId": "CVE-2025-24331",
"datePublished": "2025-07-02T08:30:19.565Z",
"dateReserved": "2025-01-20T05:33:25.523Z",
"dateUpdated": "2025-07-02T14:36:32.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24330 (GCVE-0-2025-24330)
Vulnerability from cvelistv5 – Published: 2025-07-02 08:29 – Updated: 2025-07-02 14:39
VLAI?
Summary
Sending a crafted SOAP "provision" operation message PlanId field within the Mobile Network Operator (MNO) internal Radio Access Network (RAN) management network can cause path traversal issue in Nokia Single RAN baseband software with versions earlier than release 24R1-SR 1.0 MP. This issue has been corrected to release 24R1-SR 1.0 MP and later.
Beginning with release 24R1-SR 1.0 MP, the OAM service software performed PlanId field input validations mitigate the reported path traversal issue.
Severity ?
6.4 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Nokia | Nokia Single RAN |
Affected:
All the releases prior to 24R1-SR 1.0 MP
Unaffected: 24R1-SR 1.0 MP and later |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-24330",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-02T14:39:40.906565Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-02T14:39:50.109Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Nokia Single RAN",
"vendor": "Nokia",
"versions": [
{
"status": "affected",
"version": "All the releases prior to 24R1-SR 1.0 MP"
},
{
"status": "unaffected",
"version": "24R1-SR 1.0 MP and later"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sending a crafted SOAP \"provision\" operation message PlanId field within the Mobile Network Operator (MNO) internal Radio Access Network (RAN) management network can cause path traversal issue in Nokia Single RAN baseband software with versions earlier than release 24R1-SR 1.0 MP. This issue has been corrected to release 24R1-SR 1.0 MP and later.\n\nBeginning with release 24R1-SR 1.0 MP, the OAM service software performed PlanId field input validations mitigate the reported path traversal issue."
}
],
"providerMetadata": {
"dateUpdated": "2025-07-02T08:29:03.339Z",
"orgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"shortName": "Nokia"
},
"references": [
{
"name": "Nokia Security Advisory",
"url": "https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2025-24330/"
}
],
"title": "OAM service path traversal issue caused by a crafted SOAP message PlanId field within the RAN management network",
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"assignerShortName": "Nokia",
"cveId": "CVE-2025-24330",
"datePublished": "2025-07-02T08:29:03.339Z",
"dateReserved": "2025-01-20T05:33:25.523Z",
"dateUpdated": "2025-07-02T14:39:50.109Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24329 (GCVE-0-2025-24329)
Vulnerability from cvelistv5 – Published: 2025-07-02 08:27 – Updated: 2025-07-02 13:38
VLAI?
Summary
Sending a crafted SOAP "provision" operation message archive field within the Mobile Network Operator (MNO) internal Radio Access Network (RAN) management network can cause path traversal issue in Nokia Single RAN baseband software with versions earlier than release 24R1-SR 1.0 MP. This issue has been corrected to release 24R1-SR 1.0 MP and later.
Beginning with release 24R1-SR 1.0 MP, the OAM service software utilizes libarchive APIs with security options enabled, effectively mitigating the reported path traversal issue.
Severity ?
6.4 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Nokia | Nokia Single RAN |
Affected:
All releases prior to 24R1-SR 1.0 MP
Unaffected: 24R1-SR 1.0 MP and later |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-24329",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-02T13:35:51.266536Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-02T13:38:28.621Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Nokia Single RAN",
"vendor": "Nokia",
"versions": [
{
"status": "affected",
"version": "All releases prior to 24R1-SR 1.0 MP"
},
{
"status": "unaffected",
"version": "24R1-SR 1.0 MP and later"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sending a crafted SOAP \"provision\" operation message archive field within the Mobile Network Operator (MNO) internal Radio Access Network (RAN) management network can cause path traversal issue in Nokia Single RAN baseband software with versions earlier than release 24R1-SR 1.0 MP. This issue has been corrected to release 24R1-SR 1.0 MP and later.\n\nBeginning with release 24R1-SR 1.0 MP, the OAM service software utilizes libarchive APIs with security options enabled, effectively mitigating the reported path traversal issue."
}
],
"providerMetadata": {
"dateUpdated": "2025-07-02T08:27:43.287Z",
"orgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"shortName": "Nokia"
},
"references": [
{
"name": "Nokia Security Advisory",
"url": "https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2025-24329/"
}
],
"title": "OAM service path traversal issue caused by a crafted SOAP message archive field within the RAN management network",
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"assignerShortName": "Nokia",
"cveId": "CVE-2025-24329",
"datePublished": "2025-07-02T08:27:43.287Z",
"dateReserved": "2025-01-20T05:33:25.523Z",
"dateUpdated": "2025-07-02T13:38:28.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24328 (GCVE-0-2025-24328)
Vulnerability from cvelistv5 – Published: 2025-07-02 07:39 – Updated: 2025-07-02 13:45
VLAI?
Summary
Sending a crafted SOAP "set" operation message within the Mobile Network Operator (MNO) internal Radio Access Network (RAN) management network can cause Nokia Single RAN baseband OAM service component restart with software versions earlier than release 24R1-SR 1.0 MP. This issue has been corrected to release 24R1-SR 1.0 MP and later.
The OAM service component restarts automatically after the stack overflow without causing a base station restart or network service degradation, and without leaving any permanent impact on the Nokia Single RAN baseband OAM service.
Severity ?
4.2 (Medium)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Nokia | Nokia Single RAN |
Affected:
All releases prior to 24R1-SR 1.0 MP are affected.
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-24328",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-02T13:41:30.635961Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-02T13:45:17.927Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Nokia Single RAN",
"vendor": "Nokia",
"versions": [
{
"status": "affected",
"version": "All releases prior to 24R1-SR 1.0 MP are affected."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sending a crafted SOAP \"set\" operation message within the Mobile Network Operator (MNO) internal Radio Access Network (RAN) management network can cause Nokia Single RAN baseband OAM service component restart with software versions earlier than release 24R1-SR 1.0 MP. This issue has been corrected to release 24R1-SR 1.0 MP and later.\n\nThe OAM service component restarts automatically after the stack overflow without causing a base station restart or network service degradation, and without leaving any permanent impact on the Nokia Single RAN baseband OAM service."
}
],
"providerMetadata": {
"dateUpdated": "2025-07-02T07:39:30.318Z",
"orgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"shortName": "Nokia"
},
"references": [
{
"name": "Nokia Security Advisory",
"url": "https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2025-24328/"
}
],
"title": "OAM service stack overflow caused by crafted SOAP message within the MNO internal RAN management network",
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"assignerShortName": "Nokia",
"cveId": "CVE-2025-24328",
"datePublished": "2025-07-02T07:39:30.318Z",
"dateReserved": "2025-01-20T05:33:25.523Z",
"dateUpdated": "2025-07-02T13:45:17.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6729 (GCVE-0-2023-6729)
Vulnerability from cvelistv5 – Published: 2024-10-17 12:19 – Updated: 2024-10-17 14:59
VLAI?
Summary
Nokia SR OS routers allow read-write access to the entire file system via SFTP or SCP for users configured with "access console." Consequently, a low privilege authenticated user with "access console" can read or replace the router configuration file as well as other files stored in the Compact Flash or SD card without using CLI commands. This type of attack can lead to a compromise or denial of service of the router after the system is rebooted.
Severity ?
7.3 (High)
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Nokia | SR OS (7250 IXR, 7450 ESS, 7750 SR, 7950 IXR, VSR), 7705 SAR OS, 7210 SAS OS |
Affected:
All supported releases prior to Release 24
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:nokia:service_router_operating_system:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "service_router_operating_system",
"vendor": "nokia",
"versions": [
{
"lessThan": "24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-6729",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T12:45:34.609859Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T14:59:12.920Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SR OS (7250 IXR, 7450 ESS, 7750 SR, 7950 IXR, VSR), 7705 SAR OS, 7210 SAS OS",
"vendor": "Nokia",
"versions": [
{
"status": "affected",
"version": "All supported releases prior to Release 24"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nokia SR OS routers allow read-write access to the entire file system via SFTP or SCP for users configured with \"access console.\" Consequently, a low privilege authenticated user with \"access console\" can read or replace the router configuration file as well as other files stored in the Compact Flash or SD card without using CLI commands. This type of attack can lead to a compromise or denial of service of the router after the system is rebooted."
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T12:19:19.805Z",
"orgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"shortName": "Nokia"
},
"references": [
{
"url": "https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-6729/"
}
],
"title": "Nokia SR OS: File Access Security Vulnerability",
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"assignerShortName": "Nokia",
"cveId": "CVE-2023-6729",
"datePublished": "2024-10-17T12:19:19.805Z",
"dateReserved": "2023-12-12T12:43:53.899Z",
"dateUpdated": "2024-10-17T14:59:12.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6728 (GCVE-0-2023-6728)
Vulnerability from cvelistv5 – Published: 2024-10-17 12:16 – Updated: 2024-11-05 19:32
VLAI?
Summary
Nokia SR OS bof.cfg file encryption is vulnerable to a brute force attack. This weakness allows an attacker in possession of the encrypted file to decrypt the bof.cfg file and obtain the BOF configuration content.
Severity ?
CWE
- CWE-326 - Inadequate Encryption Strength
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Nokia | SR OS (7250 IXR, 7450 ESS, 7750 SR, 7950 IXR, VSR), 7705 SAR OS, 7210 SAS OS |
Affected:
All supported releases prior to Release 24
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-6728",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T15:02:47.474313Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-326",
"description": "CWE-326 Inadequate Encryption Strength",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T19:32:18.366Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SR OS (7250 IXR, 7450 ESS, 7750 SR, 7950 IXR, VSR), 7705 SAR OS, 7210 SAS OS",
"vendor": "Nokia",
"versions": [
{
"status": "affected",
"version": "All supported releases prior to Release 24"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nokia SR OS bof.cfg file encryption is vulnerable to a brute force attack. This weakness allows an attacker in possession of the encrypted file to decrypt the bof.cfg file and obtain the BOF configuration content."
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T12:16:02.750Z",
"orgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"shortName": "Nokia"
},
"references": [
{
"url": "https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-6728/"
}
],
"title": "Nokia SR OS: BOF File Encryption Vulnerability",
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"assignerShortName": "Nokia",
"cveId": "CVE-2023-6728",
"datePublished": "2024-10-17T12:16:02.750Z",
"dateReserved": "2023-12-12T12:14:36.041Z",
"dateUpdated": "2024-11-05T19:32:18.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}