CVE-2023-25185

An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. A mobile network solution internal fault was found in Nokia Single RAN software releases. Certain software processes in the BTS internal software design have unnecessarily high privileges to BTS embedded operating system (OS) resources.

Weakness

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Software

Name	Vendor	Start Version	End Version
Asika_airscale_firmware	Nokia	19b (including)	19b (including)
Asika_airscale_firmware	Nokia	20a (including)	20a (including)
Asika_airscale_firmware	Nokia	20b (including)	20b (including)
Asika_airscale_firmware	Nokia	20c (including)	20c (including)
Asika_airscale_firmware	Nokia	21a (including)	21a (including)

Potential Mitigations

https://cwe.mitre.org/data/definitions/122.html
https://cwe.mitre.org/data/definitions/233.html
https://cwe.mitre.org/data/definitions/58.html

References

https://Nokia.com
https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-25185/

NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-25185
CWE	https://cwe.mitre.org/data/definitions/269.html

Improper Privilege Management

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References