What is CVE-2023-25188?

CVE-2023-25188 is a vulnerability found on NOKIA Airscale ASIKA Single RAN devices before 21B, which allows unauthenticated access to the BTS baseband unit diagnostic tool AaShell.

How severe is CVE-2023-25188?

CVE-2023-25188 has a severity rating of 7.8 (High).

Which software versions are affected by CVE-2023-25188?

CVE-2023-25188 affects NOKIA Airscale ASIKA Single RAN devices with firmware versions 19b, 20a, 20b, 20c, and 21a.

How can I fix CVE-2023-25188?

To fix CVE-2023-25188, it is recommended to update the firmware of the NOKIA Airscale ASIKA Single RAN device to version 21B or later.

Where can I find more information about CVE-2023-25188?

More information about CVE-2023-25188 can be found in the product security advisory on the Nokia website.

Vulnerability/
CVE-2023-25188

high

7.8

CWE

269 346

16/6/2023

12/12/2024

CVE-2023-25188

First published: Fri Jun 16 2023(Updated: )

An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP (as a BTS administrator) removes security hardenings from the Nokia Single RAN BTS baseband unit, the BTS baseband unit diagnostic tool AaShell (which is by default disabled) allows unauthenticated access from the mobile network solution internal BTS management network to the BTS embedded Linux operating-system level.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Nokia Asika Airscale Firmware	=19b
Nokia Asika Airscale Firmware	=20a
Nokia Asika Airscale Firmware	=20b
Nokia Asika Airscale Firmware	=20c
Nokia Asika Airscale Firmware	=21a
Nokia Asika Airscale
All of
Any of
Nokia Asika Airscale Firmware	=19b
Nokia Asika Airscale Firmware	=20a
Nokia Asika Airscale Firmware	=20b
Nokia Asika Airscale Firmware	=20c
Nokia Asika Airscale Firmware	=21a
Nokia Asika Airscale

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-25188?
CVE-2023-25188 is a vulnerability found on NOKIA Airscale ASIKA Single RAN devices before 21B, which allows unauthenticated access to the BTS baseband unit diagnostic tool AaShell.
How severe is CVE-2023-25188?
CVE-2023-25188 has a severity rating of 7.8 (High).
Which software versions are affected by CVE-2023-25188?
CVE-2023-25188 affects NOKIA Airscale ASIKA Single RAN devices with firmware versions 19b, 20a, 20b, 20c, and 21a.
How can I fix CVE-2023-25188?
To fix CVE-2023-25188, it is recommended to update the firmware of the NOKIA Airscale ASIKA Single RAN device to version 21B or later.
Where can I find more information about CVE-2023-25188?
More information about CVE-2023-25188 can be found in the product security advisory on the Nokia website.

collector/nvd-index
agent/references
agent/type
agent/severity
agent/event
agent/description
agent/first-publish-date
collector/mitre-cve
source/MITRE
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/last-modified-date
agent/weakness
agent/author
agent/softwarecombine
agent/tags
agent/source
vendor/nokia
canonical/nokia asika airscale firmware
version/nokia asika airscale firmware/19b
version/nokia asika airscale firmware/20a
version/nokia asika airscale firmware/20b
version/nokia asika airscale firmware/20c
version/nokia asika airscale firmware/21a
canonical/nokia asika airscale

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.