Primary

Context

Nokia WaveSuite NOC Command Injection Vulnerability

Vulnerability

A command injection vulnerability has been identified in Nokia WaveSuite NOC versions WS-NOC 24.6, WS-NOC 23.6, and WS-NOC 23.12. This vulnerability allows user input to be passed unfiltered to a command executed on the underlying operating system. An attacker with high privileged access (administrator) could exploit this issue to execute commands on the operating system under the context of the web server. The vulnerable component is bound to the network stack, potentially allowing exploitation from the entire Internet. The vulnerability can be exploited while creating a new user from the user management interface.

Impact

Exploitation of this vulnerability could lead to unauthorized command execution on the operating system, under the context of the web server.

Remediation

Users can upgrade to Nokia WaveSuite NOC 24.6 FP3 or later to address this vulnerability.

Added: Jul 21, 2025, 7:25 AM

Updated: Jul 21, 2025, 7:25 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.8

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.8

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Nokia WaveSuite NOC Command Injection Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating