4.9
CVE-2025-27026
- EPSS 0.07%
- Veröffentlicht 02.07.2025 13:42:42
- Zuletzt bearbeitet 11.02.2026 21:20:38
- Quelle a6d3dc9e-0591-4a13-bce7-0f5b31
- CVE-Watchlists
- Unerledigt
LoginA missing double-check feature in the WebGUI for CLI deactivation in Infinera G42 version R6.1.3 allows an authenticated administrator to make other management interfaces unavailable via local and network interfaces. The CLI deactivation via the WebGUI does not only stop CLI interface but deactivates also Linux Shell, WebGUI and Physical Serial Console access. No confirmation is asked at deactivation time. Loosing access to these services device administrators are at risk of completely loosing device control.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Nokia ≫ G42 Firmware Version >= 6.1.3 < 8.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.202 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| a6d3dc9e-0591-4a13-bce7-0f5b31ff6158 | 4.9 | 1.2 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
|
CWE-1220 Insufficient Granularity of Access Control
The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.