CVE-2023-25188 — MEDIUM (5.1)

Vulnerability Description

An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP (as a BTS administrator) removes security hardenings from the Nokia Single RAN BTS baseband unit, the BTS baseband unit diagnostic tool AaShell (which is by default disabled) allows unauthenticated access from the mobile network solution internal BTS management network to the BTS embedded Linux operating-system level.

CVSS Score

5.1

MEDIUM

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

HIGH

Affected Products

Vendor	Product	Versions
Nokia	Asika Airscale Firmware	19b
Nokia	Asika Airscale	-

Related Weaknesses (CWE)

CWE-346 CWE-269

References

https://Nokia.comProduct
https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cvVendor Advisory
https://Nokia.comProduct
https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cvVendor Advisory

FAQ

What is CVE-2023-25188?

CVE-2023-25188 is a vulnerability with a CVSS score of 5.1 (MEDIUM). An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP (as a BTS administrator) removes security hardenings from the Nokia Single RAN BTS baseband unit, the BTS bas...

How severe is CVE-2023-25188?

CVE-2023-25188 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-25188?

Check the references section above for vendor advisories and patch information. Affected products include: Nokia Asika Airscale Firmware, Nokia Asika Airscale.