Nokia SR OS routers allow read-write access to the entire file system via SFTP or SCP for users configured with "access console." Consequently, a low privilege authenticated user with "access console" can read or replace the router configuration file as well as other files stored in the Compact Flash or SD card without using CLI commands. This type of attack can lead to a compromise or denial of service of the router after the system is rebooted.
History

Thu, 17 Oct 2024 15:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Nokia; Nokia service Router Operating System |
| Weaknesses | | CWE-732 |
| CPEs | | cpe:2.3:o:nokia:service_router_operating_system:*:*:*:*:*:*:*:* |
| Vendors & Products | | Nokia; Nokia service Router Operating System |
| Metrics | | cvssV3_1: {'score': 7.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}; ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Thu, 17 Oct 2024 12:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | Nokia SR OS routers allow read-write access to the entire file system via SFTP or SCP for users configured with "access console." Consequently, a low privilege authenticated user with "access console" can read or replace the router configuration file as well as other files stored in the Compact Flash or SD card without using CLI commands. This type of attack can lead to a compromise or denial of service of the router after the system is rebooted. |
| Title | | Nokia SR OS: File Access Security Vulnerability |

References

MITRE

Status: PUBLISHED

Assigner: Nokia

Published: 2024-10-17T12:19:19.805Z

Updated: 2024-10-17T14:59:12.920Z

Reserved: 2023-12-12T12:43:53.899Z

Link: CVE-2023-6729

Vulnrichment

Updated: 2024-10-17T13:16:11.927Z

NVD

Status: Awaiting Analysis

Published: 2024-10-17T13:15:12.170

Modified: 2024-10-18T12:52:33.507

Link: CVE-2023-6729

Redhat

No data.