Asika Airscale Firmware
CVE-2023-25187
HIGH
Severity by source
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. Nokia Single RAN commissioning procedures do not change (factory-time installed) default SSH public/private key values that are specific to a network operator. As a result, the CSP internal BTS network SSH server (disabled by default) continues to apply the default SSH public/private key values. These keys don't give access to BTS, because service user authentication is username/password-based on top of SSH. Nokia factory installed default SSH keys are meant to be changed from operator-specific values during the BTS deployment commissioning phase. However, before the 21B release, BTS commissioning manuals did not provide instructions to change default SSH keys (to BTS operator-specific values). This leads to a possibility for malicious operations staff (inside a CSP network) to attempt MITM exploitation of BTS service user access, during the moments that SSH is enabled for Nokia service personnel to perform troubleshooting activities.
AnalysisAI
An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Use of Hard-coded Credentials (CWE-798), which allows attackers to gain access using credentials embedded in source code. An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. Nokia Single RAN commissioning procedures do not change (factory-time installed) default SSH public/private key values that are specific to a network operator. As a result, the CSP internal BTS network SSH server (disabled by default) continues to apply the default SSH public/private key values. These keys don't give access to BTS, because service user authentication is username/password-based on top of SSH. Nokia factory installed default SSH keys are meant to be changed from operator-specific values during the BTS deployment commissioning phase. However, before the 21B release, BTS commissioning manuals did not provide instructions to change default SSH keys (to BTS operator-specific values). This leads to a possibility for malicious operations staff (inside a CSP network) to attempt MITM exploitation of BTS service user access, during the moments that SSH is enabled for Nokia service personnel to perform troubleshooting activities. Affected products include: Nokia Asika Airscale Firmware. Version information: before 21.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Remove hard-coded credentials, use environment variables or secrets management, rotate exposed credentials immediately.
More in Asika Airscale Firmware
View allAn issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. Rated high severity (CVSS 7.8), this vuln
An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. Rated high severity (CVSS 7.8), this vuln
An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. Rated low severity (CVSS 2.8), this vulne
Same weakness CWE-798 – Use of Hard-coded Credentials
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today