Nokia Single RAN SOAP Input Validation Vulnerability Leading to Denial-of-Service
Vulnerability
A denial-of-service vulnerability has been identified in Nokia Single RAN baseband software versions prior to 24R1-SR 2.1 MP. The issue arises from a flaw in SOAP message input validation, which could theoretically be exploited to cause resource exhaustion in the Single RAN baseband OAM service. However, no practical exploit has been detected. The vulnerability can only be exploited from within the Mobile Network Operator's internal Radio Access Network management network by sending malformed SOAP messages. The flaw has been addressed in release 24R1-SR 2.1 MP by implementing adequate input validation for incoming SOAP requests, effectively mitigating the issue.
Impact
Exploitation of this vulnerability could lead to resource exhaustion in the Single RAN baseband OAM service, causing a denial-of-service condition.
Remediation
Users can upgrade to Nokia Single RAN baseband software version 24R1-SR 2.1 MP or later to address this vulnerability.
