Impact
The vulnerability in Nokia SR Linux is a local privilege escalation flaw that allows an authenticated user to execute arbitrary commands as the superuser. Successful exploitation would give an attacker full control over the device, enabling installation of malware, modification of system settings, and other actions that compromise confidentiality, integrity, and availability.
Affected Systems
The affected product is Nokia SR Linux. No specific version information is available, so all released builds of the OS should be reviewed to determine whether they contain the vendor-supplied fix. The flaw applies to any installation of SR Linux that has not applied the official patch.
Risk and Exploitability
The CVSS score of 6.3 classifies the vulnerability as medium severity, while the EPSS score of less than 1% indicates a low probability of widespread exploitation at present. The vulnerability is not listed in CISA's KEV catalog, so no known exploitation indicators exist. The likely attack vector is local authenticated access (inferred from the description), meaning that the primary risk is to administrators and other users with login credentials on the device. When exploited, an attacker can perform any action a root user can, such as installing malware, resetting passwords, or tampering with critical configurations. Because the flaw is local, remote attackers would need additional foothold or physical access, which reduces but does not eliminate the attack surface.
OpenCVE Enrichment