216.73.217.64

CVE-2023-6729

· Published 17/10/2024 13:15 · Modified 18/10/2024 12:52

Labels: CVE-2023-6729 2024-10-17CVE-2023-6729CWE-732b48c3b8f-639e-4c16-8725-497bc411dad0

Essential information

Published
17/10/2024 13:15
Modified
18/10/2024 12:52
Author
Creator
CVSS
7.3 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CVSS metrics

Description

Nokia SR OS routers allow read-write access to the entire file system via SFTP or SCP for users configured with "access console." Consequently, a low privilege authenticated user with "access console" can read or replace the router configuration file as well as other files stored in the Compact Flash or SD card without using CLI commands. This type of attack can lead to a compromise or denial of service of the router after the system is rebooted.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
b48c3b8f-639e-4c16-8725-497bc411dad0
NVD
View on NVD

References