CVE-2025-27026
BaseFortify
Publication date: 2025-07-02
Last updated on: 2026-02-11
Assigner: ENISA
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nokia | g42_firmware | From 6.1.3 (inc) to 8.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1220 | The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is due to a missing double-check feature in the WebGUI for CLI deactivation in Infinera G42 version R6.1.3. An authenticated administrator can deactivate the CLI via the WebGUI without confirmation, which not only stops the CLI interface but also disables Linux Shell, WebGUI, and Physical Serial Console access. This can result in losing all management access to the device.
How can this vulnerability impact me? :
The vulnerability can cause administrators to lose all access to the device's management interfaces, including CLI, Linux Shell, WebGUI, and Physical Serial Console. This means device control can be completely lost, potentially impacting device availability and management.