Nokia Single RAN AirScale Lack of Re-authentication Vulnerability Allowing Internal Board Access

Vulnerability

A vulnerability exists in Nokia Single RAN AirScale baseband, prior to release 23R4-SR 3.0 MP, that allows an authenticated administrative user to access all physical boards after a single login to the baseband system board. The baseband does not require re-authentication when the user connects from the system board to the capacity boards via the internal bsoc SSH service. This service is available only within the baseband, over the internal backplane between boards, and allows login from one board to another using an SSH private key from the system board. The capability was once considered an administrative function; it has been restricted to baseband root-privileged administrators to prevent misuse from lower privilege levels. The vulnerability is not exploitable from outside the Mobile Network Operator's internal architecture, and no practical harm has been detected other than the lack of re-authentication.

Impact

Exploitation of this vulnerability allows an authenticated administrative user to access all physical boards without needing to re-authenticate, potentially leading to unauthorized actions or access on those boards.

Remediation

Users can upgrade to Nokia Single RAN AirScale release 23R4-SR 3.0 MP or later to address this vulnerability.

Added: Jul 2, 2025, 9:32 AM
Updated: Jul 2, 2025, 9:32 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 3.0
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.