Arbitrary Code Execution Vulnerability in Ericsson RAN Compute and Site Controller 6610
CVE-2024-25008

6.8 MEDIUM

What is CVE-2024-25008?

Ericsson RAN Compute and Site Controller 6610 contains a vulnerability in the Control System where improper input validation can lead to arbitrary code execution, for example to obtain a Linux shell with the same privileges as the attacker. To exploit the vulnerability, the attacker would require elevated privileges, for example a valid OAM user having the system administrator role.

Affected Version(s)

Ericsson RAN Compute Basebands (all BB variants) 0 < 24.Q2

Site Controller 6610 0 < 24.Q2

CVSS V3.1

Score: 6.8
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
