What is CVE-2023-25186?

CVE-2023-25186 is a vulnerability found in NOKIA Airscale ASIKA Single RAN devices before 21B, which allows directory path traversal in the Nokia BTS baseband unit diagnostic tool.

How severe is CVE-2023-25186?

CVE-2023-25186 has a severity rating of 2.8, considered medium.

What software versions are affected by CVE-2023-25186?

CVE-2023-25186 affects NOKIA Airscale ASIKA Single RAN devices with firmware versions 19b, 20a, 20b, 20c, and 21a.

What is the CWE ID for CVE-2023-25186?

The CWE ID for CVE-2023-25186 is CWE-22.

Where can I find more information about CVE-2023-25186?

You can find more information about CVE-2023-25186 on the official Nokia website and their product security advisory page.

Vulnerability/
CVE-2023-25186

medium

5.1

CWE

16/6/2023

11/12/2024

CVE-2023-25186: Path Traversal

First published: Fri Jun 16 2023(Updated: )

An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP (as a BTS administrator) removes security hardenings from a Nokia Single RAN BTS baseband unit, a directory path traversal in the Nokia BTS baseband unit diagnostic tool AaShell (which is by default disabled) provides access to the BTS baseband unit internal filesystem from the mobile network solution internal BTS management network.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Nokia Asika Airscale Firmware	=19b
Nokia Asika Airscale Firmware	=20a
Nokia Asika Airscale Firmware	=20b
Nokia Asika Airscale Firmware	=20c
Nokia Asika Airscale Firmware	=21a
Nokia Asika Airscale

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-25186?
CVE-2023-25186 is a vulnerability found in NOKIA Airscale ASIKA Single RAN devices before 21B, which allows directory path traversal in the Nokia BTS baseband unit diagnostic tool.
How severe is CVE-2023-25186?
CVE-2023-25186 has a severity rating of 2.8, considered medium.
What software versions are affected by CVE-2023-25186?
CVE-2023-25186 affects NOKIA Airscale ASIKA Single RAN devices with firmware versions 19b, 20a, 20b, 20c, and 21a.
What is the CWE ID for CVE-2023-25186?
The CWE ID for CVE-2023-25186 is CWE-22.
Where can I find more information about CVE-2023-25186?
You can find more information about CVE-2023-25186 on the official Nokia website and their product security advisory page.

collector/nvd-index
agent/severity
agent/weakness
agent/references
agent/author
agent/tags
agent/description
agent/event
agent/type
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
collector/mitre-cve
source/MITRE
vendor/nokia
canonical/nokia asika airscale firmware
version/nokia asika airscale firmware/19b
version/nokia asika airscale firmware/20a
version/nokia asika airscale firmware/20b
version/nokia asika airscale firmware/20c
version/nokia asika airscale firmware/21a
canonical/nokia asika airscale

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.