CVE-2023-25189
Nokia BTS service operation log information disclosure for network operator administrators
| Public disclosure | 16-09-2024 |
|---|---|
| Last updated | 16-09-2024 |
| Vulnerability type | Nokia BTS service operation log information disclosure |
| CVSS vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N |
| CVSS score | 3.3 |
Description
BTS is affected by an information disclosure vulnerability in which mobile network operator personnel connected over BTS Web Element Manager can, regardless of their access privileges, read details of BTS service operations performed by Nokia Care service personnel via SSH.
Affected products and versions
| Product | Versions |
|---|---|
| Nokia ASIKA Airscale | All Nokia SRAN SW Releases |
Mitigation plan
A fix has been provided from Nokia Single RAN 24R1 onwards.
Acknowledgements
- Lena David from Synacktiv
- Geoffrey Bertoli from Synacktiv
References
Change history: Initial version is published on 16-09-2024