CVE-2023-25185 — LOW (3.8) — White Hats Nepal

Vulnerability Description

An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. A mobile network solution internal fault was found in Nokia Single RAN software releases. Certain software processes in the BTS internal software design have unnecessarily high privileges to BTS embedded operating system (OS) resources.

CVSS Score

3.8

LOW

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Nokia	Asika Airscale Firmware	19b
Nokia	Asika Airscale	-

Related Weaknesses (CWE)

CWE-269 CWE-863

References

https://Nokia.comProduct
https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cvVendor Advisory
https://Nokia.comProduct
https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cvVendor Advisory

FAQ

What is CVE-2023-25185?

CVE-2023-25185 is a vulnerability with a CVSS score of 3.8 (LOW). An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. A mobile network solution internal fault was found in Nokia Single RAN software releases. Certain software processes in t...

How severe is CVE-2023-25185?

CVE-2023-25185 has been rated LOW with a CVSS base score of 3.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-25185?

Check the references section above for vendor advisories and patch information. Affected products include: Nokia Asika Airscale Firmware, Nokia Asika Airscale.