Filtered by vendor Nokia
Subscribe
Total
80 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-2484 | 1 Nokia | 2 Asik Airscale 474021a.101, Asik Airscale 474021a.101 Firmware | 2023-01-12 | N/A | 7.8 HIGH |
The signature check in the Nokia ASIK AirScale system module version 474021A.101 can be bypassed allowing an attacker to run modified firmware. This could result in the execution of a malicious kernel, arbitrary programs, or modified Nokia programs. | |||||
CVE-2022-2483 | 1 Nokia | 4 Asik Airscale 474021a.101, Asik Airscale 474021a.101 Firmware, Asik Airscale 474021a.102 and 1 more | 2023-01-12 | N/A | 7.1 HIGH |
The bootloader in the Nokia ASIK AirScale system module (versions 474021A.101 and 474021A.102) loads public keys for firmware verification signature. If an attacker modifies the flash contents to corrupt the keys, secure boot could be permanently disabled on a given device. | |||||
CVE-2022-2482 | 1 Nokia | 4 Asik Airscale 474021a.101, Asik Airscale 474021a.101 Firmware, Asik Airscale 474021a.102 and 1 more | 2023-01-12 | N/A | 8.8 HIGH |
A vulnerability exists in Nokia’s ASIK AirScale system module (versions 474021A.101 and 474021A.102) that could allow an attacker to place a script on the file system accessible from Linux. A script placed in the appropriate place could allow for arbitrary code execution in the bootloader. | |||||
CVE-2022-36221 | 1 Nokia | 2 Fastmile, Fastmile Firmware | 2022-12-28 | N/A | 6.5 MEDIUM |
Nokia Fastmile 3tg00118abad52 is affected by an authenticated path traversal vulnerability which allows attackers to read any named pipe file on the system. | |||||
CVE-2022-36222 | 1 Nokia | 2 Fastmile, Fastmile Firmware | 2022-12-28 | N/A | 8.4 HIGH |
Nokia Fastmile 3tg00118abad52 devices shipped by Optus are shipped with a default hardcoded admin account of admin:Nq+L5st7o This account can be used locally to access the web admin interface. | |||||
CVE-2019-3918 | 1 Nokia | 2 I-240w-q Gpon Ont, I-240w-q Gpon Ont Firmware | 2022-12-03 | 10.0 HIGH | 9.8 CRITICAL |
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 contains multiple hard coded credentials for the Telnet and SSH interfaces. | |||||
CVE-2019-3920 | 1 Nokia | 2 I-240w-q Gpon Ont, I-240w-q Gpon Ont Firmware | 2022-12-03 | 6.5 MEDIUM | 8.8 HIGH |
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to authenticated command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponForm/device_Form?script/. | |||||
CVE-2019-3919 | 1 Nokia | 2 I-240w-q Gpon Ont, I-240w-q Gpon Ont Firmware | 2022-12-03 | 6.5 MEDIUM | 8.8 HIGH |
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponForm/usb_restore_Form?script/. | |||||
CVE-2022-28866 | 1 Nokia | 1 Airframe Bmc Web Gui R18 Firmware | 2022-10-13 | N/A | 8.8 HIGH |
Multiple Improper Access Control was discovered in Nokia AirFrame BMC Web GUI < R18 Firmware v4.13.00. It does not properly validate requests for access to (or editing of) data and functionality in all endpoints under /#settings/* and /api/settings/*. By not verifying the permissions for access to resources, it allows a potential attacker to view pages, with sensitive data, that are not allowed, and modify system configurations also causing DoS, which should be accessed only by user with administration profile, bypassing all controls (without checking for user identity). | |||||
CVE-2022-39817 | 1 Nokia | 1 1350 Optical Management System | 2022-10-06 | N/A | 8.8 HIGH |
In NOKIA 1350 OMS R14.2, multiple SQL Injection vulnerabilities occurs. Exploitation requires an authenticated attacker. Through the injection of arbitrary SQL statements, a potential authenticated attacker can modify query syntax and perform unauthorized (and unexpected) operations against the remote database. | |||||
CVE-2022-39816 | 1 Nokia | 1 1350 Optical Management System | 2022-09-30 | N/A | 6.5 MEDIUM |
In NOKIA 1350 OMS R14.2, Insufficiently Protected Credentials (cleartext administrator password) occur in the edit configuration page. Exploitation requires an authenticated attacker. | |||||
CVE-2022-39819 | 1 Nokia | 1 1350 Optical Management System | 2022-09-30 | N/A | 8.8 HIGH |
In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occurs. This allows authenticated users to execute commands on the operating system. | |||||
CVE-2022-39815 | 1 Nokia | 1 1350 Optical Management System | 2022-09-30 | N/A | 9.8 CRITICAL |
In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occurs. This vulnerability allow unauthenticated users to execute commands on the operating system. | |||||
CVE-2022-39821 | 1 Nokia | 1 1350 Optical Management System | 2022-09-30 | N/A | 7.5 HIGH |
In NOKIA 1350 OMS R14.2, an Insertion of Sensitive Information into an Application Log File vulnerability occurs. The web application stores critical information, such as cleartext user credentials, in world-readable files in the filesystem. | |||||
CVE-2022-40713 | 1 Nokia | 1 1350 Optical Management System | 2022-09-21 | N/A | 6.5 MEDIUM |
An issue was discovered in NOKIA 1350OMS R14.2. Multiple Relative Path Traversal issues exist in different specific endpoints via the file parameter, allowing a remote authenticated attacker to read files on the filesystem arbitrarily. | |||||
CVE-2022-40714 | 1 Nokia | 1 1350 Optical Management System | 2022-09-21 | N/A | 6.1 MEDIUM |
An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists under different /oms1350/* endpoints. | |||||
CVE-2022-40712 | 1 Nokia | 1 1350 Optical Management System | 2022-09-21 | N/A | 6.1 MEDIUM |
An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists under different /cgi-bin/R14.2* endpoints. | |||||
CVE-2022-40715 | 1 Nokia | 1 1350 Optical Management System | 2022-09-21 | N/A | 6.5 MEDIUM |
An issue was discovered in NOKIA 1350OMS R14.2. An Absolute Path Traversal vulnerability exists for a specific endpoint via the logfile parameter, allowing a remote authenticated attacker to read files on the filesystem arbitrarily. | |||||
CVE-2022-38788 | 1 Nokia | 2 Fastmile 5g Receiver, Fastmile 5g Receiver Firmware | 2022-09-20 | N/A | 4.3 MEDIUM |
An issue was discovered in Nokia FastMile 5G Receiver 5G14-B 1.2104.00.0281. Bluetooth on the Nokia ODU uses outdated pairing mechanisms, allowing an attacker to passively intercept a paring handshake and (after offline cracking) retrieve the PIN and LTK (long-term key). | |||||
CVE-2022-39814 | 1 Nokia | 1 1350 Optical Management System | 2022-09-16 | N/A | 6.1 MEDIUM |
In NOKIA 1350 OMS R14.2, an Open Redirect vulnerability occurs is the login page via next HTTP GET parameter. |