7.8

CVE-2023-25188

An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP (as a BTS administrator) removes security hardenings from the Nokia Single RAN BTS baseband unit, the BTS baseband unit diagnostic tool AaShell (which is by default disabled) allows unauthenticated access from the mobile network solution internal BTS management network to the BTS embedded Linux operating-system level.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NokiaAsika Airscale Firmware Version19b
   NokiaAsika Airscale Version-
NokiaAsika Airscale Firmware Version20a
   NokiaAsika Airscale Version-
NokiaAsika Airscale Firmware Version20b
   NokiaAsika Airscale Version-
NokiaAsika Airscale Firmware Version20c
   NokiaAsika Airscale Version-
NokiaAsika Airscale Firmware Version21a
   NokiaAsika Airscale Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.03% 0.083
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cve@mitre.org 5.1 0.3 4.7
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H
CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

CWE-346 Origin Validation Error

The product does not properly verify that the source of data or communication is valid.