Vulnerabilites related to Nokia - CBIS,NCS
CVE-2023-49565 (GCVE-0-2023-49565)
Vulnerability from cvelistv5
Published
2025-09-18 06:11
Modified
2025-09-18 17:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The cbis_manager Podman container is vulnerable to remote command execution via the /api/plugins endpoint. Improper sanitization of the HTTP Headers X-FILENAME, X-PAGE, and X-FIELD allows for command injection. These headers are directly utilized within the subprocess.Popen Python function without adequate validation, enabling a remote attacker to execute arbitrary commands on the underlying system by crafting malicious header values within an HTTP request to the affected endpoint.
The web service executes with root privileges within the container environment, the demonstrated remote code execution permits an attacker to acquire elevated privileges for the command execution.
Restricting access to the management network with an external firewall can partially mitigate this risk.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-49565",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-18T17:56:06.818678Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-18T17:56:10.960Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CBIS,NCS",
"vendor": "Nokia",
"versions": [
{
"status": "affected",
"version": "CBIS 22, NCS 22.12, NCS 23.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The cbis_manager Podman container is vulnerable to remote command execution via the /api/plugins endpoint. Improper sanitization of the HTTP Headers X-FILENAME, X-PAGE, and X-FIELD allows for command injection. These headers are directly utilized within the subprocess.Popen Python function without adequate validation, enabling a remote attacker to execute arbitrary commands on the underlying system by crafting malicious header values within an HTTP request to the affected endpoint.\nThe web service executes with root privileges within the container environment, the demonstrated remote code execution permits an attacker to acquire elevated privileges for the command execution.\nRestricting access to the management network with an external firewall can partially mitigate this risk."
}
],
"providerMetadata": {
"dateUpdated": "2025-09-18T06:11:53.618Z",
"orgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"shortName": "Nokia"
},
"references": [
{
"url": "https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/CVE-2023-49565/"
}
],
"title": "Remote Code Execution",
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"assignerShortName": "Nokia",
"cveId": "CVE-2023-49565",
"datePublished": "2025-09-18T06:11:53.618Z",
"dateReserved": "2023-11-27T09:09:46.615Z",
"dateUpdated": "2025-09-18T17:56:10.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49564 (GCVE-0-2023-49564)
Vulnerability from cvelistv5
Published
2025-09-18 06:10
Modified
2025-09-18 18:01
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The CBIS/NCS Manager API is vulnerable to an authentication bypass. By sending a specially crafted HTTP header, an unauthenticated user can gain unauthorized access to API functions. This flaw allows attackers to reach restricted or sensitive endpoints of the HTTP API without providing any valid credentials. The root cause of this vulnerability lies in a weak verification mechanism within the authentication implementation present in the Nginx Podman container on the CBIS/NCS Manager host machine.
The risk can be partially mitigated by restricting access to the management network using external firewall.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-49564",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-18T18:00:56.831578Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-18T18:01:12.717Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CBIS,NCS",
"vendor": "Nokia",
"versions": [
{
"status": "affected",
"version": "CBIS 22, NCS 22.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The CBIS/NCS Manager API is vulnerable to an authentication bypass. By sending a specially crafted HTTP header, an unauthenticated user can gain unauthorized access to API functions. This flaw allows attackers to reach restricted or sensitive endpoints of the HTTP API without providing any valid credentials. The root cause of this vulnerability lies in a weak verification mechanism within the authentication implementation present in the Nginx Podman container on the CBIS/NCS Manager host machine.\nThe risk can be partially mitigated by restricting access to the management network using external firewall."
}
],
"providerMetadata": {
"dateUpdated": "2025-09-18T06:10:27.787Z",
"orgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"shortName": "Nokia"
},
"references": [
{
"url": "https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/CVE-2023-49564/"
}
],
"title": "Authentication Bypass",
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"assignerShortName": "Nokia",
"cveId": "CVE-2023-49564",
"datePublished": "2025-09-18T06:10:27.787Z",
"dateReserved": "2023-11-27T09:09:46.615Z",
"dateUpdated": "2025-09-18T18:01:12.717Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}