What is the severity of CVE-2023-22618?

The severity of CVE-2023-22618 is high with a severity value of 7.8.

Which products are affected by CVE-2023-22618?

Nokia WaveLite products including WaveLite Metro 200 and Fan, WaveLite Metro 200 OPS and Fans, and WaveLite Metro 200 and F2B fans are affected by CVE-2023-22618.

How can a local user exploit CVE-2023-22618?

A local user can exploit CVE-2023-22618 by manipulating a web request to create new users with administrative privileges in Nokia WaveLite products.

Where can I find more information about CVE-2023-22618?

You can find more information about CVE-2023-22618 on the official Nokia website and in the product security advisory.

Vulnerability/
CVE-2023-22618

high

8.1

CWE

284

4/10/2023

20/9/2024

CVE-2023-22618

Q: What is CVE-2023-22618?

CVE-2023-22618 is a vulnerability that allows a local user to create new users with administrative privileges by manipulating a web request in Nokia WaveLite products if Security Hardening guide rules are not followed.

First published: Wed Oct 04 2023(Updated: )

If Security Hardening guide rules are not followed, then Nokia WaveLite products allow a local user to create new users with administrative privileges by manipulating a web request. This affects (for example) WaveLite Metro 200 and Fan, WaveLite Metro 200 OPS and Fans, WaveLite Metro 200 and F2B fans, WaveLite Metro 200 OPS and F2B fans, WaveLite Metro 200 NE and F2B fans, and WaveLite Metro 200 NE OPS and F2B fans.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Nokia Wavelite Metro 200 And Fan Firmware	<r2.1.1
Nokia Wavelite Metro 200 And Fan
Nokia Wavelite Metro 200 Ops And Fans Firmware	<r2.1.1
Nokia Wavelite Metro 200 Ops And Fans
Nokia Wavelite Metro 200 And F2b Fans Firmware	<r2.1.1
Nokia Wavelite Metro 200 And F2b Fans
Nokia Wavelite Metro 200 Ops And F2b Fans Firmware	<r2.1.1
Nokia Wavelite Metro 200 Ops And F2b Fans
Nokia Wavelite Metro 200 Ne And F2b Fans Firmware	<r2.1.1
Nokia Wavelite Metro 200 Ne And F2b Fans
Nokia Wavelite Metro 200 Ne Ops And F2b Fans Firmware	<r2.1.1
Nokia Wavelite Metro 200 Ne Ops And F2b Fans
All of
Nokia Wavelite Metro 200 And Fan
Nokia Wavelite Metro 200 And Fan Firmware	<r2.1.1
All of
Nokia Wavelite Metro 200 Ops And Fans
Nokia Wavelite Metro 200 Ops And Fans Firmware	<r2.1.1
All of
Nokia Wavelite Metro 200 And F2b Fans
Nokia Wavelite Metro 200 And F2b Fans Firmware	<r2.1.1
All of
Nokia Wavelite Metro 200 Ops And F2b Fans
Nokia Wavelite Metro 200 Ops And F2b Fans Firmware	<r2.1.1
All of
Nokia Wavelite Metro 200 Ne And F2b Fans
Nokia Wavelite Metro 200 Ne And F2b Fans Firmware	<r2.1.1
All of
Nokia Wavelite Metro 200 Ne Ops And F2b Fans
Nokia Wavelite Metro 200 Ne Ops And F2b Fans Firmware	<r2.1.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-22618?
CVE-2023-22618 is a vulnerability that allows a local user to create new users with administrative privileges by manipulating a web request in Nokia WaveLite products if Security Hardening guide rules are not followed.
What is the severity of CVE-2023-22618?
The severity of CVE-2023-22618 is high with a severity value of 7.8.
Which products are affected by CVE-2023-22618?
Nokia WaveLite products including WaveLite Metro 200 and Fan, WaveLite Metro 200 OPS and Fans, and WaveLite Metro 200 and F2B fans are affected by CVE-2023-22618.
How can a local user exploit CVE-2023-22618?
A local user can exploit CVE-2023-22618 by manipulating a web request to create new users with administrative privileges in Nokia WaveLite products.
Where can I find more information about CVE-2023-22618?
You can find more information about CVE-2023-22618 on the official Nokia website and in the product security advisory.

collector/nvd-index
agent/references
agent/author
agent/type
agent/severity
agent/description
agent/event
agent/first-publish-date
collector/mitre-cve
source/MITRE
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/last-modified-date
agent/weakness
agent/softwarecombine
agent/tags
vendor/nokia
canonical/nokia wavelite metro 200 and fan firmware
canonical/nokia wavelite metro 200 and fan
canonical/nokia wavelite metro 200 ops and fans firmware
canonical/nokia wavelite metro 200 ops and fans
canonical/nokia wavelite metro 200 and f2b fans firmware
canonical/nokia wavelite metro 200 and f2b fans
canonical/nokia wavelite metro 200 ops and f2b fans firmware
canonical/nokia wavelite metro 200 ops and f2b fans
canonical/nokia wavelite metro 200 ne and f2b fans firmware
canonical/nokia wavelite metro 200 ne and f2b fans
canonical/nokia wavelite metro 200 ne ops and f2b fans firmware
canonical/nokia wavelite metro 200 ne ops and f2b fans

CVE-2023-22618

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-22618?

What is the severity of CVE-2023-22618?

Which products are affected by CVE-2023-22618?

How can a local user exploit CVE-2023-22618?

Where can I find more information about CVE-2023-22618?

Company

Resources

Contact