CVE-2023-49565
Remote Code Execution
Public disclosure |
18-09-2025 |
|---|---|
Last updated |
18-09-2025 |
Vulnerability type |
Remote Code Execution |
CVSS vector |
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
CVSS score |
8.4 |
Description
The cbis_manager Podman container is vulnerable to remote command execution via the /api/plugins endpoint. Improper sanitization of the HTTP Headers X-FILENAME, X-PAGE, and X-FIELD allows for command injection. These headers are directly utilized within the subprocess.Popen Python function without adequate validation, enabling a remote attacker to execute arbitrary commands on the underlying system by crafting malicious header values within an HTTP request to the affected endpoint.
The web service executes with root privileges within the container environment, the demonstrated remote code execution permits an attacker to acquire elevated privileges for the command execution.
Restricting access to the management network with an external firewall can partially mitigate this risk.
Affected products and versions
Product |
Versions |
|---|---|
CloudBand Infrastructure Software (CBIS) |
CBIS 22 |
Nokia Container Service (NCS) |
NCS 22.12, NCS 23.10 |
Mitigation plan
Fix has been provided in: CBIS 22 FP1 MP1.2, NCS 22.12 MP3, NCS 23.10 MP1
Acknowledgements
- Orange Cert
References
Change history : Initial version is published on 21-07-2025