CVE-2023-25188

Name of the Vulnerable Software and Affected Versions NOKIA Airscale ASIKA Single RAN devices versions prior to 21B

Description An issue was discovered where if security hardenings are removed from the Nokia Single RAN BTS baseband unit by a CSP as a BTS administrator, the BTS baseband unit diagnostic tool AaShell allows unauthenticated access from the mobile network solution internal BTS management network to the BTS embedded Linux operating-system level. This access is possible because AaShell, which is disabled by default, can be accessed without authentication.

Recommendations For versions prior to 21B, as a temporary workaround, consider disabling the AaShell diagnostic tool until a patch is available. Restrict access to the BTS baseband unit to minimize the risk of exploitation. Ensure that security hardenings are not removed from the Nokia Single RAN BTS baseband unit to prevent unauthenticated access.