Internal Fault in Nokia Web Element Manager Exposes Administrative Functions
CVE-2023-26062

7.8 HIGH

Key Information:

Vendor: Nokia
CVE Published: 14 June 2023

Summary

A significant internal fault has been identified in Nokia's Web Element Manager prior to version 22 R1. It allows an authenticated, unprivileged user within the Communication Service Provider's (CSP) internal mobile network management framework to execute administrative functions. Exploitation cannot occur from outside the mobile network architecture: external networks, including roaming users and the internet, cannot leverage this vulnerability. The issue is confined to the internal BTS management network used by CSPs, which limits the scope for potential exploitation.

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
