7.8
CVE-2023-25185
- EPSS 0.03%
- Veröffentlicht 16.06.2023 19:15:14
- Zuletzt bearbeitet 12.12.2024 22:15:06
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginAn issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. A mobile network solution internal fault was found in Nokia Single RAN software releases. Certain software processes in the BTS internal software design have unnecessarily high privileges to BTS embedded operating system (OS) resources.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Nokia ≫ Asika Airscale Firmware Version19b
Nokia ≫ Asika Airscale Firmware Version20a
Nokia ≫ Asika Airscale Firmware Version20b
Nokia ≫ Asika Airscale Firmware Version20c
Nokia ≫ Asika Airscale Firmware Version21a
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.066 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| cve@mitre.org | 3.8 | 0.3 | 3.4 |
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
|
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
CWE-863 Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.