Primary

Context

Nokia WaveSuite NOC Command Injection Vulnerability

Vulnerability

A command injection vulnerability has been identified in Nokia WaveSuite NOC versions WS-NOC 24.6, WS-NOC 23.6, and WS-NOC 23.12. This vulnerability allows user input to be passed unfiltered to a command executed on the underlying operating system. The affected component is connected to the network stack, potentially exposing the vulnerability to attackers across the Internet. An individual with low privileged access to the application could exploit this issue to execute commands on the operating system, under the context of the web server.

Impact

Exploitation of this vulnerability allows for command execution on the underlying operating system, with the commands being executed in the context of the web server.

Remediation

Users can upgrade to Nokia WaveSuite NOC 24.6 FP3 or later to address this vulnerability.

Added: Jul 21, 2025, 7:29 AM

Updated: Jul 21, 2025, 7:29 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

5.2

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

5.2

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Nokia WaveSuite NOC Command Injection Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating