Privilege Escalation in Nokia Airscale ASIKA Single RAN Devices
CVE-2023-25185

7.8HIGH

Key Information:

Vendor
Nokia
Status
Asika Airscale Firmware
Vendor
CVE Published:
16 June 2023

Summary

A security flaw has been identified in the Nokia Airscale ASIKA Single RAN devices prior to release 21B. This vulnerability stems from internal software processes within the BTS design that operate with excessive privileges, permitting unauthorized access to BTS embedded operating system resources. The implications of such a vulnerability could lead to significant disruptions, highlighting the need for immediate attention from network operators.

References

https://Nokia.com
https://www.nokia.com/about-us/security-and-privacy/produ...

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.