Information Disclosure Vulnerability in Nokia BTS Web Element Manager
CVE-2023-25189

3.3LOW

Key Information:

Vendor: Nokia
Vendor: CVE Published:; 25 September 2024

Summary

Nokia's BTS Web Element Manager contains a vulnerability that leads to the potential unauthorized disclosure of sensitive service operation details. Personnel from mobile network operators, regardless of their access privileges, can access service operation information that is typically reserved for Nokia Care service personnel through SSH. This situation poses risks to data integrity and security practices, highlighting the need for heightened security measures in network management systems.

References

https://www.nokia.com/about-us/security-and-privacy/produ...

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 25, 2024

Collectors

NVD DatabaseMitre Database