The CBIS/NCS Manager API is vulnerable to an authentication bypass. By sending a specially crafted HTTP header, an unauthenticated user can gain unauthorized access to API functions. This flaw allows attackers to reach restricted or sensitive endpoints of the HTTP API without providing any valid credentials. The root cause of this vulnerability lies in a weak verification mechanism within the authentication implementation present in the Nginx Podman container on the CBIS/NCS Manager host machine.
The risk can be partially mitigated by restricting access to the management network using external firewall.
The risk can be partially mitigated by restricting access to the management network using external firewall.
Metrics
Affected Vendors & Products
No data.
No data.
No data.
No data.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Thu, 18 Sep 2025 06:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The CBIS/NCS Manager API is vulnerable to an authentication bypass. By sending a specially crafted HTTP header, an unauthenticated user can gain unauthorized access to API functions. This flaw allows attackers to reach restricted or sensitive endpoints of the HTTP API without providing any valid credentials. The root cause of this vulnerability lies in a weak verification mechanism within the authentication implementation present in the Nginx Podman container on the CBIS/NCS Manager host machine. The risk can be partially mitigated by restricting access to the management network using external firewall. | |
| Title | Authentication Bypass | |
| References |
|
MITRE
Status: PUBLISHED
Assigner: Nokia
Published:
Updated: 2025-09-18T06:10:27.787Z
Reserved: 2023-11-27T09:09:46.615Z
Link: CVE-2023-49564
Vulnrichment
No data.
NVD
Status : Received
Published: 2025-09-18T06:15:33.087
Modified: 2025-09-18T06:15:33.087
Link: CVE-2023-49564
Redhat
No data.
OpenCVE Enrichment
No data.