Lucene search

MitreCVELIST:CVE-2023-26062

HistoryJun 14, 2023 - 12:00 a.m.

CVE-2023-26062

2023-06-1400:00:00

mitre

www.cve.org

cve-2023-26062

mobile network solution

nokia web element manager

authenticated user

administrative functions

exploitation

csp

bts management network

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

9.0%

JSON

A mobile network solution internal fault is found in Nokia Web Element Manager before 22 R1, in which an authenticated, unprivileged user can execute administrative functions. Exploitation is not possible from outside of mobile network solution architecture. This means that exploit is not possible from mobile network user UEs, from roaming networks, or from the Internet. Exploitation is possible only from a CSP (Communication Service Provider) mobile network solution internal BTS management network.

References

nokia.com

www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-26062/

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2023-26062