CVE-2025-24333
Administrative user shell input validation fault
Public disclosure |
02-07-2025 |
|---|---|
Last updated |
02-07-2025 |
Vulnerability type |
Shell Injection |
CVSS vector |
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
CVSS score |
6.4 |
Description
Nokia Single RAN baseband software earlier than 24R1-SR 1.0 MP contains administrative shell input validation fault, which authenticated admin user can, in theory, potentially use for injecting arbitrary commands for unprivileged baseband OAM service process execution via special characters added to baseband internal COMA_config.xml file.
This vulnerability is not exploitable from outside the Mobile Network Operator (MNO) internal architecture, such as from mobile network user devices (UEs), roaming networks, or the Internet. The reported issue is only accessible to an authenticated Single RAN base station administrative user within the MNO internal Radio Access Network (RAN) management network, in software versions earlier than release 24R1-SR 1.0 MP.
No practical exploit has been detected for this admin shell input validation flaw. This issue has been corrected starting from release 24R1-SR 1.0 MP and later, by adding proper input validation to OAM service process which prevents injecting special characters via baseband internal COMA_config.xml file.
Affected products and versions
Product |
Versions |
|---|---|
Nokia Single RAN |
All the releases prior to 24R1-SR 1.0 MP |
Mitigation plan
The fix has been included starting from 24R1-SR 1.0 MP.
Acknowledgements
- Guillaume Teissier (P1 Security France)
- Laurent Ghigonis (P1 Security France)
- Radu Balaci (Bell Mobility Canada)
- Meghna Patel (Bell Mobility Canada)
References
Change history : Initial version is published on 02-07-2025