{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-25185", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2023-06-16T00:00:00", "dateReserved": "2023-02-04T00:00:00", "datePublished": "2023-06-16T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-06-16T00:00:00"}, "descriptions": [{"lang": "en", "value": "An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. A mobile network solution internal fault was found in Nokia Single RAN software releases. Certain software processes in the BTS internal software design have unnecessarily high privileges to BTS embedded operating system (OS) resources."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://Nokia.com"}, {"url": "https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-25185/"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AC:H/AV:L/A:L/C:L/I:L/PR:H/S:U/UI:R", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseScore": 3.8, "baseSeverity": "LOW"}}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:nokia:asika_airscale_firmware:19b:*:*:*:*:*:*:*", "matchCriteriaId": "FE8E3A0E-3B21-49D8-A4EE-33FE5FBA7B51", "vulnerable": true}, {"criteria": "cpe:2.3:o:nokia:asika_airscale_firmware:20a:*:*:*:*:*:*:*", "matchCriteriaId": "A612E565-7686-4C20-99AF-67B283328A42", "vulnerable": true}, {"criteria": "cpe:2.3:o:nokia:asika_airscale_firmware:20b:*:*:*:*:*:*:*", "matchCriteriaId": "5AE52024-F5EE-42F6-AC3A-702E87B1ABF2", "vulnerable": true}, {"criteria": "cpe:2.3:o:nokia:asika_airscale_firmware:20c:*:*:*:*:*:*:*", "matchCriteriaId": "DA68A71E-A8FB-4448-BE75-318E4582FC43", "vulnerable": true}, {"criteria": "cpe:2.3:o:nokia:asika_airscale_firmware:21a:*:*:*:*:*:*:*", "matchCriteriaId": "B2FAA373-A46D-48A6-8A08-F66F4F3604C7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:nokia:asika_airscale:-:*:*:*:*:*:*:*", "matchCriteriaId": "61C0B724-C7EA-4214-98CF-49812292332B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. A mobile network solution internal fault was found in Nokia Single RAN software releases. Certain software processes in the BTS internal software design have unnecessarily high privileges to BTS embedded operating system (OS) resources."}], "id": "CVE-2023-25185", "lastModified": "2023-06-30T16:00:32.890", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 0.3, "impactScore": 3.4, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2023-06-16T19:15:14.360", "references": [{"source": "cve@mitre.org", "tags": ["Product"], "url": "https://Nokia.com"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-25185/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}