Skip to main content

Nokia CVE-2022-45899

| EUVDEUVD-2022-48746 MEDIUM
OS Command Injection (CWE-78)
2026-05-08 mitre GHSA-6f3j-w8c5-257p
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

3
Severity Changed
May 08, 2026 - 14:22 NVD
LOW MEDIUM
CVSS changed
May 08, 2026 - 14:22 NVD
-1.0 (LOW) 6.5 (MEDIUM)
CVE Published
May 08, 2026 - 00:00 cve.org
MEDIUM 6.5

DescriptionCVE.org

Nokia Broadcast Message Center (BMC) before 13.1 allows an unauthenticated remote attacker to do OS command injection as root via shell metacharacters in the Log Scanner Search Pattern field.

AnalysisAI

Nokia Broadcast Message Center (BMC) before 13.1 allows an unauthenticated remote attacker to do OS command injection as root via shell metacharacters in the Log Scanner Search Pattern field. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as OS Command Injection (CWE-78), which allows attackers to execute arbitrary operating system commands on the host. Nokia Broadcast Message Center (BMC) before 13.1 allows an unauthenticated remote attacker to do OS command injection as root via shell metacharacters in the Log Scanner Search Pattern field. Affected products include: N/A. Version information: before 13.1.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Avoid passing user input to shell commands. Use language-specific APIs instead of shell execution. Apply strict input validation with allowlists.

More in Nokia

View all
CVE-2012-2619 HIGH POC
7.8 Nov 14

The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Moto

CVE-2022-28866 HIGH POC
8.8 Oct 12

Multiple Improper Access Control was discovered in Nokia AirFrame BMC Web GUI < R18 Firmware v4.13.00. Rated high severi

CVE-2021-45896 HIGH POC
8.8 Dec 27

Nokia FastMile 3TG00118ABAD52 devices allow privilege escalation by an authenticated user via is_ctc_admin=1 to login_we

CVE-2019-17403 HIGH POC
8.8 Nov 25

Nokia IMPACT < 18A: An unrestricted File Upload vulnerability was found that may lead to Remote Code Execution. Rated hi

CVE-2022-36222 HIGH POC
8.4 Dec 21

Nokia Fastmile 3tg00118abad52 devices shipped by Optus are shipped with a default hardcoded admin account of admin:Nq+L5

CVE-2023-41376 HIGH POC
7.5 Aug 29

Nokia Service Router Operating System (SR OS) 22.10 and SR Linux, when error-handling update-fault-tolerance is not enab

CVE-2012-2442 MEDIUM POC
4.3 Jul 25

Buffer overflow in the Video Manager in Nokia PC Suite 7.1.180.64 and earlier allows remote attackers to cause a denial

CVE-2019-7386 MEDIUM POC
6.5 Mar 21

A Denial of Service issue has been discovered in the Gecko component of KaiOS 2.5 10.05 (platform 48.0.a2) on Nokia 8810

CVE-2023-25187 HIGH POC
7.0 Jun 16

An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. Rated high severity (CVSS 7.0). Public ex

CVE-2014-6602 MEDIUM POC
6.6 Sep 22

Microsoft Asha OS on the Microsoft Mobile Nokia Asha 501 phone 14.0.4 allows physically proximate attackers to bypass th

CVE-2022-36221 MEDIUM POC
6.5 Dec 21

Nokia Fastmile 3tg00118abad52 is affected by an authenticated path traversal vulnerability which allows attackers to rea

CVE-2021-26597 MEDIUM POC
6.5 Mar 25

An issue was discovered in Nokia NetAct 18A. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitabl

Share

CVE-2022-45899 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy