Nokia CloudBand and Container Service Remote Code Execution Vulnerability

A remote code execution vulnerability has been identified in the cbis_manager Podman container, affecting Nokia CloudBand Infrastructure Software (CBIS) version 22 and Nokia Container Service (NCS) versions 22.12 and 23.10. The vulnerability arises from improper sanitization of HTTP headers X-FILENAME, X-PAGE, and X-FIELD at the /api/plugins endpoint. These headers are used directly in the subprocess.Popen function without sufficient validation, allowing remote attackers to inject commands that are executed on the underlying system with root privileges. This exploitation could lead to unauthorized command execution with elevated rights. While a fix is available in CBIS 22 FP1 MP1.2, NCS 22.12 MP3, and NCS 23.10 MP1, restricting access to the management network with an external firewall can partially mitigate the risk.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected system, with the executed commands running as the root user within the container environment.

Remediation

Users can upgrade to CBIS 22 FP1 MP1.2, NCS 22.12 MP3, or NCS 23.10 MP1 to address this vulnerability.