CVE-2025-24332
BaseFortify
Publication date: 2025-07-02
Last updated on: 2025-07-03
Assigner: Nokia
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-288 | The product requires authentication, but the product has an alternate path or channel that does not require authentication. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the Nokia Single RAN AirScale baseband system where an authenticated administrative user can access all physical boards after a single login to the baseband system board. The system does not require re-authentication when the user connects from the system board to other baseband capacity boards via an internal SSH service (bsoc SSH) that uses a private key stored on the system board. This allows potentially broader access within the baseband without additional authentication steps. The vulnerability has been mitigated by restricting this SSH access to only root-privileged administrators starting from release 23R4-SR 3.0 MP and later.
How can this vulnerability impact me? :
The vulnerability could allow an authenticated administrative user to move laterally within the baseband system without re-authentication, potentially accessing all physical boards. This could lead to unauthorized access or misuse of system resources if lower-privileged users gain administrative access initially. The risk is mitigated in newer releases by restricting the internal SSH access to root-privileged administrators only.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, ensure that only baseband root-privileged administrators have access to the bsoc SSH service. Upgrade your Nokia Single RAN AirScale baseband system to release 23R4-SR 3.0 MP or later, where this restriction is enforced to prevent misuse by lower-level privileges.