CVE-2023-22618 - OpenCVE

If Security Hardening guide rules are not followed, then Nokia WaveLite products allow a local user to create new users with administrative privileges by manipulating a web request. This affects (for example) WaveLite Metro 200 and Fan, WaveLite Metro 200 OPS and Fans, WaveLite Metro 200 and F2B fans, WaveLite Metro 200 OPS and F2B fans, WaveLite Metro 200 NE and F2B fans, and WaveLite Metro 200 NE OPS and F2B fans.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Nokia	Wavelite Metro 200 And F2b Fans Wavelite Metro 200 And F2b Fans Firmware Wavelite Metro 200 And Fan Wavelite Metro 200 And Fan Firmware Wavelite Metro 200 Ne And F2b Fans Wavelite Metro 200 Ne And F2b Fans Firmware Wavelite Metro 200 Ne Ops And F2b Fans Wavelite Metro 200 Ne Ops And F2b Fans Firmware Wavelite Metro 200 Ops And F2b Fans Wavelite Metro 200 Ops And F2b Fans Firmware Wavelite Metro 200 Ops And Fans Wavelite Metro 200 Ops And Fans Firmware

Configuration 1 [-]

AND

cpe:2.3:h:nokia:wavelite_metro_200_and_fan:-:*:*:*:*:*:*:*

cpe:2.3:o:nokia:wavelite_metro_200_and_fan_firmware:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:nokia:wavelite_metro_200_ops_and_fans:-:*:*:*:*:*:*:*

cpe:2.3:o:nokia:wavelite_metro_200_ops_and_fans_firmware:*:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:h:nokia:wavelite_metro_200_and_f2b_fans:-:*:*:*:*:*:*:*

cpe:2.3:o:nokia:wavelite_metro_200_and_f2b_fans_firmware:*:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:h:nokia:wavelite_metro_200_ops_and_f2b_fans:-:*:*:*:*:*:*:*

cpe:2.3:o:nokia:wavelite_metro_200_ops_and_f2b_fans_firmware:*:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:h:nokia:wavelite_metro_200_ne_and_f2b_fans:-:*:*:*:*:*:*:*

cpe:2.3:o:nokia:wavelite_metro_200_ne_and_f2b_fans_firmware:*:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:h:nokia:wavelite_metro_200_ne_ops_and_f2b_fans:-:*:*:*:*:*:*:*

cpe:2.3:o:nokia:wavelite_metro_200_ne_ops_and_f2b_fans_firmware:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://nokia.com
https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-22618/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-10-04T00:00:00

Updated: 2024-08-02T10:13:49.370Z

Reserved: 2023-01-04T00:00:00

Link: CVE-2023-22618

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-10-04T12:15:10.300

Modified: 2023-10-06T16:23:54.007

Link: CVE-2023-22618

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object