5.1
CVE-2023-25186
- EPSS 0.03%
- Veröffentlicht 16.06.2023 19:15:14
- Zuletzt bearbeitet 21.11.2024 07:49:16
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginAn issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP (as a BTS administrator) removes security hardenings from a Nokia Single RAN BTS baseband unit, a directory path traversal in the Nokia BTS baseband unit diagnostic tool AaShell (which is by default disabled) provides access to the BTS baseband unit internal filesystem from the mobile network solution internal BTS management network.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Nokia ≫ Asika Airscale Firmware Version19b
Nokia ≫ Asika Airscale Firmware Version20a
Nokia ≫ Asika Airscale Firmware Version20b
Nokia ≫ Asika Airscale Firmware Version20c
Nokia ≫ Asika Airscale Firmware Version21a
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.045 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 2.8 | 1.3 | 1.4 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
|
| cve@mitre.org | 5.1 | 0.3 | 4.7 |
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H
|
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.