Description
Nokia Broadcast Message Center (BMC) before 13.1 allows an unauthenticated remote attacker to do OS command injection as root via shell metacharacters in the Log Scanner Search Pattern field.
Published: 2026-05-08
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an OS command injection flaw that permits an attacker to execute arbitrary shell commands with root privileges. The weakness originates from unsanitized input in the Log Scanner Search Pattern field, allowing shell metacharacters to be interpreted by the underlying operating system. This defect can be exploited to compromise confidentiality, integrity, and availability by gaining full control over the affected device.

Affected Systems

Nokia Broadcast Message Center versions prior to 13.1 are impacted. Operators should verify which release they are running and, if it is one of these earlier releases, consider upgrading to a non‑vulnerable version.

Risk and Exploitability

This flaw is exploitable without any authentication. No CVSS assessment is provided and the EPSS score is unavailable, but the fact that the issue permits root‑level command execution indicates high severity. The vulnerability is not listed in CISA’s KEV catalog. Exploitation likely requires a network‑accessible interface to the Log Scanner feature and the input of crafted shell metacharacters.

Generated by OpenCVE AI on May 8, 2026 at 06:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check with Nokia for an official patch or upgrade path to version 13.1 or later.
  • If a patch is not yet available, restrict network access to the Log Scanner Search Pattern interface using firewall rules or network segmentation.
  • Apply brute‑force protection or rate limiting on the Log Scanner interface to mitigate automated exploitation attempts.

Advisories

No advisories yet.

History

Fri, 08 May 2026 08:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Nokia; Nokia broadcast Message Center
Vendors & Products | | Nokia; Nokia broadcast Message Center

Fri, 08 May 2026 07:15:00 +0000

Type | Values Removed | Values Added
Title | | Unauthenticated OS Command Injection in Nokia Broadcast Message Center Log Scanner
Weaknesses | | CWE-78; CWE-94

Fri, 08 May 2026 05:00:00 +0000

Type | Values Removed | Values Added
Description | | Nokia Broadcast Message Center (BMC) before 13.1 allows an unauthenticated remote attacker to do OS command injection as root via shell metacharacters in the Log Scanner Search Pattern field.
References | |

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-08T13:48:07.147Z

Reserved: 2022-11-26T00:00:00.000Z

Link: CVE-2022-45899

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-08T05:16:09.183

Modified: 2026-05-08T05:16:09.183

Link: CVE-2022-45899

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-08T08:00:03Z

Weaknesses