Description

Nokia SR OS routers allow read-write access to the entire file system via SFTP or SCP for users configured with "access console." Consequently, a low privilege authenticated user with "access console" can read or replace the router configuration file as well as other files stored in the Compact Flash or SD card without using CLI commands. This type of attack can lead to a compromise or denial of service of the router after the system is rebooted.

INFO

Published Date :

2024-10-17T12:19:19.805Z

Last Modified :

2024-10-17T14:59:12.920Z

Source :

Nokia
AFFECTED PRODUCTS

The following products are affected by CVE-2023-6729 vulnerability.

Vendors Products
Nokia
  • Service Router Operating System
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2023-6729.

URL Resource
https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-6729/ cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact