Gianpiero Costantino

**Name of the Vulnerable Software and Affected Versions** Nokia SR OS (affected versions not specified) **Description** The Nokia SR OS bof.cfg file encryption is vulnerable to a brute force attack, allowing an attacker in possession of the encrypted file to decrypt it and obtain the BOF configuration content. This weakness can lead to sensitive data exposure. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Nokia SR OS routers (affected versions not specified) **Description** The issue allows low-privilege authenticated users with "access console" to gain read-write access to the entire file system via SFTP or SCP. This access enables them to read or replace the router configuration file and other files stored in the Compact Flash or SD card without using CLI commands, potentially leading to a compromise or denial of service of the router after a system reboot. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.