CVE-2023-6728 Nokia SR OS: BOF File Encryption Vulnerability
Public disclosure |
17-10-2024 |
---|---|
Last updated |
17-10-2024 |
Vulnerability type |
Encryption Weakness |
CVSS vector |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
CVSS score |
3.3 |
Description
Nokia SR OS bof.cfg file encryption is vulnerable to a brute force attack. This weakness allows an attacker in possession of the encrypted file to decrypt the bof.cfg file and obtain the BOF configuration content.
Affected products and versions
Product |
Versions |
---|---|
SR OS (7250 IXR, 7450 ESS, 7750 SR, 7950 IXR, VSR), 7705 SAR OS, 7210 SAS OS |
All supported releases prior to Release 24 |
Mitigation plan
A fix has been provided in Releases 22, 23 and 24. Please contact Nokia support for details.
Acknowledgements
- Gianpiero Costantino (National Cybersecurity Agency (ACN))
- Alessandro Esposito (National Cybersecurity Agency (ACN))
- Alessandro Casale (National Cybersecurity Agency (ACN))
References
Change history : Initial version is published on 17-10-2024