CVE-2023-25186

2.8LOW

Key Information:

Vendor: Nokia
Status: Asika Airscale Firmware
Vendor: CVE Published:; 16 June 2023

Summary

An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP (as a BTS administrator) removes security hardenings from a Nokia Single RAN BTS baseband unit, a directory path traversal in the Nokia BTS baseband unit diagnostic tool AaShell (which is by default disabled) provides access to the BTS baseband unit internal filesystem from the mobile network solution internal BTS management network.

References

https://Nokia.com

https://www.nokia.com/about-us/security-and-privacy/produ...

CVSS V3.1

Score:

2.8

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 16, 2023
Vulnerability Reserved
Feb 4, 2023

Collectors

NVD DatabaseMitre Database