Nokia SR OS routers allow read-write access to the entire file system via SFTP or SCP for users configured with "access console." Consequently, a low privilege authenticated user with "access console" can read or replace the router configuration file as well as other files stored in the Compact Flash or SD card without using CLI commands. This type of attack can lead to a compromise or denial of service of the router after the system is rebooted.
Metrics
Affected Vendors & Products
References
History
Thu, 17 Oct 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Nokia
Nokia service Router Operating System |
|
Weaknesses | CWE-732 | |
CPEs | cpe:2.3:o:nokia:service_router_operating_system:*:*:*:*:*:*:*:* | |
Vendors & Products |
Nokia
Nokia service Router Operating System |
|
Metrics |
cvssV3_1
|
Thu, 17 Oct 2024 12:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Nokia SR OS routers allow read-write access to the entire file system via SFTP or SCP for users configured with "access console." Consequently, a low privilege authenticated user with "access console" can read or replace the router configuration file as well as other files stored in the Compact Flash or SD card without using CLI commands. This type of attack can lead to a compromise or denial of service of the router after the system is rebooted. | |
Title | Nokia SR OS: File Access Security Vulnerability | |
References |
|
MITRE
Status: PUBLISHED
Assigner: Nokia
Published: 2024-10-17T12:19:19.805Z
Updated: 2024-10-17T14:59:12.920Z
Reserved: 2023-12-12T12:43:53.899Z
Link: CVE-2023-6729
Vulnrichment
Updated: 2024-10-17T13:16:11.927Z
NVD
Status : Awaiting Analysis
Published: 2024-10-17T13:15:12.170
Modified: 2024-10-18T12:52:33.507
Link: CVE-2023-6729
Redhat
No data.