cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-25185,https://securityvulnerability.io/vulnerability/CVE-2023-25185,Privilege Escalation in Nokia Airscale ASIKA Single RAN Devices,"A security flaw has been identified in the Nokia Airscale ASIKA Single RAN devices prior to release 21B. This vulnerability stems from internal software processes within the BTS design that operate with excessive privileges, permitting unauthorized access to BTS embedded operating system resources. The implications of such a vulnerability could lead to significant disruptions, highlighting the need for immediate attention from network operators.",Nokia,Asika Airscale Firmware,7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-06-16T00:00:00.000Z,0
CVE-2023-25186,https://securityvulnerability.io/vulnerability/CVE-2023-25186,Directory Path Traversal in Nokia Airscale ASIKA Single RAN Devices,"A vulnerability has been found in Nokia's Airscale ASIKA Single RAN devices prior to version 21B. This issue arises when a CSP (as a BTS administrator) disables critical security hardenings within the Nokia Single RAN BTS baseband unit. The flaw is in the diagnostic tool AaShell, which, although disabled by default, allows a directory path traversal. This can potentially grant unauthorized access to the internal filesystem of the BTS baseband unit through the management network of the mobile network solution, exposing it to risks such as unauthorized data access or manipulation.",Nokia,Asika Airscale Firmware,2.8,LOW,0.0006200000061653554,false,,false,false,false,,,false,false,,2023-06-16T00:00:00.000Z,0
CVE-2023-25187,https://securityvulnerability.io/vulnerability/CVE-2023-25187,SSH Key Mismanagement in NOKIA Airscale ASIKA Single RAN Devices,"A vulnerability has been identified in NOKIA Airscale ASIKA Single RAN devices prior to version 21B due to inadequate procedures for managing SSH public/private keys. The devices retain original factory default keys specific to network operators, and the default SSH server meant to be deactivated poses a risk. Specifically, during commissioning, instructions to replace these default keys with operator-specific values were not provided in the manuals. This oversight can facilitate man-in-the-middle (MITM) attacks by malicious insiders when SSH is enabled for service activities, potentially compromising secure access to the base transceiver station (BTS) services while troubleshooting.",Nokia,Asika Airscale Firmware,7,HIGH,0.0010900000343099236,false,,false,false,false,,,false,false,,2023-06-16T00:00:00.000Z,0
CVE-2023-25188,https://securityvulnerability.io/vulnerability/CVE-2023-25188,Unauthenticated Access Vulnerability in Nokia Airscale ASIKA Single RAN Devices,"An identified issue in Nokia Airscale ASIKA Single RAN devices exposes a risk where baseline security hardening measures can be removed by a BTS administrator. This misconfiguration allows for potential unauthenticated access to the BTS baseband unit diagnostic tool, AaShell, which is disabled by default. Such access can compromise the integrity of the internally managed BTS system, specifically impacting the embedded Linux operating system utilized within these network components.",Nokia,Asika Airscale Firmware,7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-06-16T00:00:00.000Z,0