Nokia Broadcast Message Center OS Command Injection Vulnerability Allowing Remote Code Execution
Vulnerability
A command injection vulnerability has been identified in Nokia Broadcast Message Center (BMC) versions prior to 13.1. This vulnerability allows an unauthenticated remote attacker to execute operating system commands with root privileges. The issue arises from the Log Scanner Search Pattern field, where shell metacharacters can be used to inject commands.
Impact
Exploitation of this vulnerability leads to unauthorized remote code execution with root privileges on the affected system.
Reproduction
To reproduce this vulnerability, access the BMC Log Scanner web application. In the Search Pattern field, enter a command injection payload that includes shell metacharacters, such as a semicolon followed by a double quote and a Linux command. Once the payload is submitted, the injected command is executed with root privileges. This can be verified by executing commands that require root access, such as 'id', or by accessing the '/etc/shadow' file.
Remediation
Users are advised to update to Nokia BMC version 13.1 or later, where this vulnerability has been fixed.
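For teams reviewing their own log-search features for the same class of flaw, the following is an added example and not Nokia's code, since the BMC implementation is not shown in this advisory. It assumes the search field is handed to a grep-like tool; `search_log`, `demo`, `MAX_PATTERN_LEN` and the sample log lines are hypothetical and constructed for illustration.

```python
import os
import subprocess
import tempfile

MAX_PATTERN_LEN = 256  # assumed limit, not taken from the advisory

# Constructed sample log; line 2 contains shell metacharacters as plain text.
SAMPLE_LOG = (
    '2024-01-01 10:00:01 INFO service started\n'
    '2024-01-01 10:00:02 WARN search term "; id seen in request\n'
    '2024-01-01 10:00:03 ERROR disk full\n'
)


def search_log(pattern: str, log_path: str) -> list[str]:
    """Return the lines of log_path that contain pattern as a literal string."""
    if not pattern or len(pattern) > MAX_PATTERN_LEN:
        raise ValueError("search pattern is empty or too long")
    if "\x00" in pattern or "\n" in pattern:
        # grep -F treats newlines as pattern separators; NUL cannot be in argv.
        raise ValueError("search pattern contains a control character")
    # Argument list with no shell: the pattern is one argv element, so
    # ; " | $ ` are never parsed as shell syntax. -e stops a leading '-' in
    # the pattern being read as an option, -- does the same for the path.
    proc = subprocess.run(
        ["grep", "-F", "-e", pattern, "--", log_path],
        capture_output=True, text=True, check=False,
    )
    if proc.returncode not in (0, 1):  # 1 means "no match", >1 is an error
        raise RuntimeError(proc.stderr.strip())
    return proc.stdout.splitlines()


def demo() -> dict[str, list[str]]:
    """Run searches, including metacharacter patterns, over the sample log."""
    with tempfile.NamedTemporaryFile("w", suffix=".log", delete=False) as fh:
        fh.write(SAMPLE_LOG)
    try:
        patterns = ["ERROR", '"; id', "-r", "$(id)"]
        return {p: search_log(p, fh.name) for p in patterns}
    finally:
        os.unlink(fh.name)


if __name__ == "__main__":
    for pat, lines in demo().items():
        print(repr(pat), "->", lines)
```

Running the search process as an unprivileged account rather than root limits the impact if a different injection path is found.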
