CVE-2023-6729

Published Oct 17, 2024

Last updated a month ago

CVSS high 7.3

Overview

Description
Nokia SR OS routers allow read-write access to the entire file system via SFTP or SCP for users configured with "access console." Consequently, a low privilege authenticated user with "access console" can read or replace the router configuration file as well as other files stored in the Compact Flash or SD card without using CLI commands. This type of attack can lead to a compromise or denial of service of the router after the system is rebooted.
Source
b48c3b8f-639e-4c16-8725-497bc411dad0
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.3
Impact score
5.9
Exploitability score
1.3
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-732

Social media

Hype score
Not currently trending

  1. CVE-2023-6729 (CVSS:7.3, HIGH) is Awaiting Analysis. Nokia SR OS routers allow read-write access to the entire file system via SFTP or SCP for users configured with "access ..https://t.co/Ezyc2Tx7Vc #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    22 Oct 2024

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References