CVE-2023-6729

Oct. 18, 2024, 12:52 p.m.

7.3
High

Description

Nokia SR OS routers allow read-write access to the entire file system via SFTP or SCP for users configured with "access console." Consequently, a low privilege authenticated user with "access console" can read or replace the router configuration file as well as other files stored in the Compact Flash or SD card without using CLI commands. This type of attack can lead to a compromise or denial of service of the router after the system is rebooted.

Product(s) Impacted

Product Versions
Nokia SR OS routers
  • []

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-732
Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References

https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-6729/

Tags

CWE-732
b48c3b8f-639e-4c16-8725-497bc411dad0
2024-10-17
CVE-2023-6729

CVSS Score

7.3 / 10

CVSS Data - 3.1

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

    • CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

    View Vector String

Timeline

Published: Oct. 17, 2024, 1:15 p.m.
Last Modified: Oct. 18, 2024, 12:52 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

b48c3b8f-639e-4c16-8725-497bc411dad0

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.