CVE-2023-25189

Published: Sep 25, 2024Modified: Oct 29, 2024

3.3

Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

Exploitability: 0.8 / Impact: 2.5

Source: MITRE (Secondary)

Description

BTS is affected by information disclosure vulnerability where mobile network operator personnel connected over BTS Web Element Manager, regardless of the access privileges, having a possibility to read BTS service operation details performed by Nokia Care service personnel via SSH.

Related CWEs

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (1)

https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-25189/

Source: cve@mitre.org

Timeline

No history available yet.