CVE-2025-24328
OAM service stack overflow caused by crafted SOAP message within the MNO internal RAN management network
Public disclosure | 02-07-2025 |
---|---|
Last updated | 02-07-2025 |
Vulnerability type | Buffer Overflow |
CVSS vector | CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H |
CVSS score | 4.2 |
Description
Sending a crafted SOAP "set" operation message within the Mobile Network Operator (MNO) internal Radio Access Network (RAN) management network can cause the Nokia Single RAN baseband OAM service component to restart in software versions earlier than release 24R1-SR 1.0 MP.
The OAM service component restarts automatically after the stack overflow without causing a base station restart or network service degradation, and without leaving any permanent impact on the Nokia Single RAN baseband OAM service.
This vulnerability is not exploitable from outside the Mobile Network Operator (MNO) internal architecture, such as from mobile network user devices (UEs), roaming networks, or the Internet.
The OAM service stack overflow can only be triggered from within the MNO internal Radio Access Network (RAN) management network. It occurs when a crafted SOAP "set" operation that includes a malformed "primaryDocument" parameter is sent in the RAN management network, which can cause a stack overflow in the Nokia Single RAN baseband NE3S OAM service (Ne3sadapter) component in releases earlier than 24R1-SR 1.0 MP. This issue has been corrected in release 24R1-SR 1.0 MP and later.
Affected products and versions
Product | Versions |
---|---|
Nokia Single RAN | All releases prior to 24R1-SR 1.0 MP |
Mitigation plan
The fix has been included starting from 24R1-SR 1.0 MP.
Acknowledgements
- Guillaume Teissier (P1 Security France)
- Laurent Ghigonis (P1 Security France)
- Radu Balaci (Bell Mobility Canada)
- Meghna Patel (Bell Mobility Canada)
Change history: Initial version published on 02-07-2025