CVE-2023-49564
BaseFortify
Publication date: 2025-09-18
Last updated on: 2025-09-18
Assigner: Nokia
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nokia | container_service | 22.12 |
| nokia | cloudband_infrastructure_software | 22 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-288 | The product requires authentication, but the product has an alternate path or channel that does not require authentication. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an authentication bypass in the CBIS/NCS Manager API. An attacker can send a specially crafted HTTP header to the API, which allows them to gain unauthorized access to restricted or sensitive API functions without providing valid credentials. The issue stems from a weak verification mechanism in the authentication implementation within the Nginx Podman container on the CBIS/NCS Manager host machine.
How can this vulnerability impact me?
This vulnerability can allow an attacker to access restricted or sensitive API endpoints without authentication, potentially leading to unauthorized actions, data exposure, or control over parts of the system that should be protected. This could compromise the security and integrity of the affected system.
What immediate steps should I take to mitigate this vulnerability?
The risk can be partially mitigated by restricting access to the management network using an external firewall.