CVE-2023-25186
Title: Directory Traversal in Nokia Single RAN AaShell Diagnostic Tool
Proof Of Concept
No public PoC currently indexed for CVE-2023-25186.
Vulnerability Summary
CVE-2023-25186: An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP (as a BTS administrator) removes security hardenings from a Nokia Single RAN BTS baseband unit, a directory path traversal in the Nokia BTS baseband unit diagnostic tool AaShell (which is by default disabled) provides access to the BTS baseband unit internal filesystem from the mobile network solution internal BTS management network.
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Associated Attack Patterns (CAPEC)
Total: PatternsNo specific attack patterns mapped.
CVE-2023-25186 Exploits & PoCs (Proof Of Concept)
No public PoCs found in our database for this CVE.
Vulnerability data or affected products updated.
Vulnerability first announced in NVD.
Attack Vector Matrix
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H
Affected Stack
No specific products linked.