Nokia Single RAN Buffer Overflow Vulnerability in OAM Service Component

A buffer overflow vulnerability has been identified in the Nokia Single RAN baseband OAM service component, specifically in the NE3S OAM service (Ne3sadapter), in all releases prior to 24R1-SR 1.0 MP. This vulnerability can be exploited by sending a crafted SOAP 'set' operation message within the Mobile Network Operator (MNO) internal Radio Access Network (RAN) management network. The exploitation causes a stack overflow, leading to an automatic restart of the OAM service component. However, this restart does not affect the base station or degrade network services, and there is no permanent impact on the OAM service.

Impact

Exploitation of this vulnerability causes a stack overflow in the OAM service component, leading to an automatic restart of the service. This restart does not disrupt base station operations or network services, and there is no lasting impact on the OAM service.

Reproduction

To reproduce this vulnerability, send a crafted SOAP 'set' operation message through the MNO internal RAN management network. The message must include a malformed 'primaryDocument' parameter to trigger the stack overflow in the Nokia Single RAN baseband OAM service component.

Remediation

Users can upgrade to Nokia Single RAN release 24R1-SR 1.0 MP or later to address this vulnerability.