Vulnerability Description
A missing double-check feature in the WebGUI for CLI deactivation in Infinera G42 version R6.1.3 allows an authenticated administrator to make other management interfaces unavailable via local and network interfaces. The CLI deactivation via the WebGUI does not only stop CLI interface but deactivates also Linux Shell, WebGUI and Physical Serial Console access. No confirmation is asked at deactivation time. Loosing access to these services device administrators are at risk of completely loosing device control.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nokia | G42 Firmware | >= 6.1.3, < 8.0 |
| Nokia | G42 | - |
Related Weaknesses (CWE)
References
- https://euvd.enisa.europa.eu/vulnerability/CVE-2025-27026Third Party Advisory
- https://www.cvcn.gov.it/cvcn/cve/CVE-2025-27026Third Party Advisory
FAQ
What is CVE-2025-27026?
CVE-2025-27026 is a vulnerability with a CVSS score of 4.9 (MEDIUM). A missing double-check feature in the WebGUI for CLI deactivation in Infinera G42 version R6.1.3 allows an authenticated administrator to make other management interfaces unavailable via local and n...
How severe is CVE-2025-27026?
CVE-2025-27026 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-27026?
Check the references section above for vendor advisories and patch information. Affected products include: Nokia G42 Firmware, Nokia G42.