PT-2023-20458 · Nokia · Nokia Web Element Manager

Luca Borzacchiello +2 · Published 2023-06-14 · Updated 2023-06-30 · CVE-2023-26062

CVSS v3.1: 7.0
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions:

Nokia Web Element Manager versions prior to 22 R1

Description:

Nokia Web Element Manager contains a fault internal to the mobile network solution that allows an authenticated, unprivileged user to execute administrative functions. Exploitation is not possible from outside the mobile network solution architecture: it cannot be performed from mobile network user UEs, roaming networks, or the Internet. Exploitation is possible only from the internal BTS management network of a CSP (Communication Service Provider) mobile network solution.

Recommendations:

For versions prior to 22 R1, update to version 22 R1 or later to resolve the issue. As a temporary workaround, consider restricting access to administrative functions to privileged users only until a patch is available. Restrict access to the internal BTS management network to minimize the risk of exploitation.

Fix

Weakness Enumeration: Improper Privilege Management

Related Identifiers: CVE-2023-26062

Affected Products: Nokia Web Element Manager