OS Command Injection Vulnerability in Nokia Broadcast Message Center
CVE-2022-45899

6.5MEDIUM

Key Information:

Vendor: Nokia
Status: Broadcast Message Center
Vendor: CVE Published:; 8 May 2026

What is CVE-2022-45899?

A vulnerability exists in Nokia's Broadcast Message Center (BMC) versions prior to 13.1, allowing unauthenticated remote attackers to execute OS command injection as root. This is facilitated through the misuse of shell metacharacters in the Log Scanner Search Pattern field, posing significant security risks by potentially allowing attackers to manipulate the system's command execution.

References

https://nokia.com

https://www.exploit-db.com/exploits/51896

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 8, 2026
Vulnerability Reserved
Nov 26, 2022

CVE-2022-45899 Data

JSON