Privilege Escalation Vulnerability in Nokia FastMile Device
CVE-2021-45896

8.8HIGH

Key Information:

Vendor

Nokia
Status
Fastmile Firmware
Vendor
CVE Published:
27 December 2021

What is CVE-2021-45896?

Nokia FastMile 3TG00118ABAD52 devices are vulnerable to a privilege escalation attack that allows an authenticated user to gain elevated privileges. This occurs through the manipulation of the 'is_ctc_admin' parameter during the access of 'login_web_app.cgi', combined with the capabilities associated with the Import Config File feature. Attackers taking advantage of this vulnerability could potentially alter device configurations without adequate authorization.

References

https://eddiez.me/hacking-the-nokia-fastmile/
x_refsource_MISC
https://gist.github.com/thedroidgeek/80c379aa43b71015d71d...
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.