CVE-2023-25186 - Vulnerability Details - OpenCVE

An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP (as a BTS administrator) removes security hardenings from a Nokia Single RAN BTS baseband unit, a directory path traversal in the Nokia BTS baseband unit diagnostic tool AaShell (which is by default disabled) provides access to the BTS baseband unit internal filesystem from the mobile network solution internal BTS management network.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Nokia	Asika Airscale Asika Airscale Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:nokia:asika_airscale_firmware:19b:::::::*
	cpe:2.3:o:nokia:asika_airscale_firmware:20a:::::::*
	cpe:2.3:o:nokia:asika_airscale_firmware:20b:::::::*
	cpe:2.3:o:nokia:asika_airscale_firmware:20c:::::::*
	cpe:2.3:o:nokia:asika_airscale_firmware:21a:::::::*

cpe:2.3:h:nokia:asika_airscale:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://Nokia.com
https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-25186/

History

Wed, 11 Dec 2024 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-06-16T00:00:00

Updated: 2024-12-11T20:22:52.063Z

Reserved: 2023-02-04T00:00:00

Link: CVE-2023-25186

Vulnrichment

Updated: 2024-08-02T11:18:35.767Z

NVD

Status : Modified

Published: 2023-06-16T19:15:14.423

Modified: 2024-11-21T07:49:16.570

Link: CVE-2023-25186

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-25186", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-12-11T20:22:52.063Z", "dateReserved": "2023-02-04T00:00:00", "datePublished": "2023-06-16T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-06-16T00:00:00"}, "descriptions": [{"lang": "en", "value": "An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP (as a BTS administrator) removes security hardenings from a Nokia Single RAN BTS baseband unit, a directory path traversal in the Nokia BTS baseband unit diagnostic tool AaShell (which is by default disabled) provides access to the BTS baseband unit internal filesystem from the mobile network solution internal BTS management network."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://Nokia.com"}, {"url": "https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-25186/"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AC:H/AV:L/A:H/C:L/I:L/PR:H/S:U/UI:R", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "HIGH", "baseScore": 5.1, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:18:35.767Z"}, "title": "CVE Program Container", "references": [{"url": "https://Nokia.com", "tags": ["x_transferred"]}, {"url": "https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-25186/", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-12-11T20:22:39.234890Z", "id": "CVE-2023-25186", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-11T20:22:52.063Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://Nokia.com", "tags": ["x_transferred"]}, {"url": "https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-25186/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:18:35.767Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-25186", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-12-11T20:22:39.234890Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-11T20:22:47.202Z"}}], "cna": {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AC:H/AV:L/A:H/C:L/I:L/PR:H/S:U/UI:R", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://Nokia.com"}, {"url": "https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-25186/"}], "descriptions": [{"lang": "en", "value": "An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP (as a BTS administrator) removes security hardenings from a Nokia Single RAN BTS baseband unit, a directory path traversal in the Nokia BTS baseband unit diagnostic tool AaShell (which is by default disabled) provides access to the BTS baseband unit internal filesystem from the mobile network solution internal BTS management network."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-06-16T00:00:00"}}}, "cveMetadata": {"cveId": "CVE-2023-25186", "state": "PUBLISHED", "dateUpdated": "2024-12-11T20:22:52.063Z", "dateReserved": "2023-02-04T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2023-06-16T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:nokia:asika_airscale_firmware:19b:*:*:*:*:*:*:*", "matchCriteriaId": "FE8E3A0E-3B21-49D8-A4EE-33FE5FBA7B51", "vulnerable": true}, {"criteria": "cpe:2.3:o:nokia:asika_airscale_firmware:20a:*:*:*:*:*:*:*", "matchCriteriaId": "A612E565-7686-4C20-99AF-67B283328A42", "vulnerable": true}, {"criteria": "cpe:2.3:o:nokia:asika_airscale_firmware:20b:*:*:*:*:*:*:*", "matchCriteriaId": "5AE52024-F5EE-42F6-AC3A-702E87B1ABF2", "vulnerable": true}, {"criteria": "cpe:2.3:o:nokia:asika_airscale_firmware:20c:*:*:*:*:*:*:*", "matchCriteriaId": "DA68A71E-A8FB-4448-BE75-318E4582FC43", "vulnerable": true}, {"criteria": "cpe:2.3:o:nokia:asika_airscale_firmware:21a:*:*:*:*:*:*:*", "matchCriteriaId": "B2FAA373-A46D-48A6-8A08-F66F4F3604C7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:nokia:asika_airscale:-:*:*:*:*:*:*:*", "matchCriteriaId": "61C0B724-C7EA-4214-98CF-49812292332B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP (as a BTS administrator) removes security hardenings from a Nokia Single RAN BTS baseband unit, a directory path traversal in the Nokia BTS baseband unit diagnostic tool AaShell (which is by default disabled) provides access to the BTS baseband unit internal filesystem from the mobile network solution internal BTS management network."}], "id": "CVE-2023-25186", "lastModified": "2024-11-21T07:49:16.570", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 0.3, "impactScore": 4.7, "source": "cve@mitre.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 2.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-06-16T19:15:14.423", "references": [{"source": "cve@mitre.org", "tags": ["Product"], "url": "https://Nokia.com"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-25186/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://Nokia.com"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-25186/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}