PT-2024-20697 · Ericsson · Ericsson Ran Compute/Site Controller 6610
Published 2024-08-16 · Updated 2024-08-19 · CVE-2024-25008
CVSS v3.1: 6.8 (Medium)
Vector: AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Ericsson RAN Compute and Site Controller 6610 versions prior to 24.Q2
Description
The issue is improper input validation in the Control System, which can lead to arbitrary code execution. For example, it can be used to obtain a Linux shell with the same privileges as the attacker. To exploit the issue, the attacker would require elevated privileges, such as a valid OAM user with the system administrator role.
Recommendations
For Ericsson RAN Compute and Site Controller 6610 versions prior to 24.Q2, upgrade the affected components immediately to mitigate threats.
Fix
RCE
Affected Products
Ericsson Ran Compute/Site Controller 6610