Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Nokia Siemens FlexiISN GGSN Authentication Bypass

🗓️ 30 Mar 2009 00:00:00Reported by TaMBaRuSType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 44 Views

Nokia Siemens FlexiISN GGSN Authentication Bypass Vulnerability on Flexi ISN 3.

Code
`NOKIA Siemens FlexiISN GGSN Multiple Authentication bypass Vulnerability: NOKIA Siemens FlexiISN  
  
Remote: Yes   
  
Local: No   
  
Class: Input Validation Error   
  
Critical: Moderately critical   
  
OS : FlexiISN (GGSN) FISN 3.1  
  
URL 1 for bypassing authentication on AAA Configuration: http://[Flexi-ISN IP]/cgi-bin/aaa.tcl?  
  
URL 2 for bypassing authentication on Aggregation Class Configuration : http://[Flexi-ISN IP]/cgi-bin/aggr_config.tcl?  
  
URL 3 for bypassing authentication on GGSN general Configuration : http://[Flexi-ISN IP]/opt/cgi-bin/ggsn/cgi.tcl?page=ggsnconf  
  
URL 4 for bypassing authentication on Network Access & services : http://[Flexi-ISN IP]/opt/cgi-bin/services.tcl?instance=default  
  
Published: March 30, 2009  
  
Discovered by: TaMbaRuS ([email protected])  
  
Site: www.nokiasiemensnetworks.com  
  
Greetz: Mr. Gabriel Waller from NSN for all his support for researching on the vulnerabilities.  
  
Description:  
  
The Flexi ISN, which performs GPRS Gateway Service Node (GGSN) and data charging functionalities, is fully integrated with the existing Nokia Siemens Networks charge@once prepaid solution to enable flexible charging of data services. The systems integration services ensure seamless consumer experience, while managing an increasingly complex combination of new processes and systems.  
  
With the introduction of Flexi ISN, mobile telekom service provider is able to combine all in one box a GGSN and an Intelligent Charging Node. The deployed Flexi ISN 3.1 system is able, through deep packet inspection, to distinguish the type of traffic such as HTTP browsing, WAP browsing, MMS, streaming, content download thus enabling different charging models based on the type of data service used.`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
30 Mar 2009 00:00Current
1Low risk
Vulners AI Score1
nokia siemens flexiisn ggsnauthentication bypassvulnerabilityflexi isn 3.1remoteinput validation errorcriticalosaaa configurationaggregation class configurationggsn general configurationnetwork access & servicesdiscoveredsystems integration servicesdeep packet inspection
44