PT-2023-19967 · Nokia · Nokia Airscale Asika Single Ran+1
Geoffrey Bertoli
+1
·
Published
2023-06-16
·
Updated
2023-07-05
·
CVE-2023-25186
CVSS v3.1
5.1
Medium
| Vector | AC:H/AV:L/A:H/C:L/I:L/PR:H/S:U/UI:R |
Name of the Vulnerable Software and Affected Versions
NOKIA Airscale ASIKA Single RAN devices versions prior to 21B
Description
An issue was discovered in the Nokia BTS baseband unit diagnostic tool AaShell, which is disabled by default. If security hardenings are removed from a Nokia Single RAN BTS baseband unit by a CSP administrator, a directory path traversal provides access to the BTS baseband unit internal filesystem from the mobile network solution internal BTS management network.
Recommendations
For versions prior to 21B, consider disabling the AaShell diagnostic tool until a patch is available to prevent potential exploitation. Restrict access to the BTS baseband unit internal filesystem to minimize the risk of unauthorized access. Ensure that security hardenings are not removed from the Nokia Single RAN BTS baseband unit to prevent this issue.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Aashell
Nokia Airscale Asika Single Ran