Nokia Issues Advisory on Critical Vulnerabilities in CloudBand and Container Services

In today’s rapidly evolving digital landscape, securing critical infrastructure and applications is more important than ever. Nokia, a global leader in telecommunications, has recently issued two important security advisories for its CloudBand Infrastructure Software (CBIS) and Nokia Container Service (NCS).

These vulnerabilities, tracked as CVE-2023-49564 and CVE-2023-49565, affect some versions of these products, and both come with severe risks, including authentication bypass and remote code execution. Let’s break down what these vulnerabilities mean and how to protect your systems.

CVE-2023-49564: Authentication Bypass
What is it?

The first vulnerability, tracked as CVE-2023-49564 (with a CVSS severity score of 9.6), is an authentication bypass vulnerability that impacts the CBIS/NCS Manager API. This flaw allows unauthorized users to gain access to restricted or sensitive API functions by sending a specially crafted HTTP header. Essentially, an attacker can bypass the authentication mechanism entirely, gaining access to the system without needing valid credentials. This opens the door for potential unauthorized actions and security breaches.

Impact and Severity

This vulnerability is rated with a CVSS score of 9.6, indicating its high severity. The issue stems from a weak verification mechanism within the authentication process on the Nginx Podman container running on the CBIS/NCS Manager host machine. If exploited, an attacker could easily access protected resources, posing significant risks to data security and system integrity.

Affected products and versions include:

  • CloudBand Infrastructure Software (CBIS): Version 22
  • Nokia Container Service (NCS): Version 22.12

Nokia has provided a fix in:

  • CBIS 22 FP1 MP1.2
  • NCS 22.12 MP3

In the meantime, restricting access to the management network using an external firewall can help reduce the risk of exploitation.

CVE-2023-49565 is a Remote Code Execution (RCE) vulnerability in the CBIS Manager Podman container. The flaw stems from improper sanitization of HTTP headers (X-FILENAME, X-PAGE, and X-FIELD), which attackers can exploit to inject malicious commands. The vulnerability is located at the /api/plugins endpoint and, because the web service operates with root privileges, could allow attackers to execute arbitrary commands on the underlying system, potentially leading to escalated privileges or full system compromise.
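
As an added detection sketch (not Nokia's code and not part of the advisory), the script below flags requests to /api/plugins whose X-FILENAME, X-PAGE or X-FIELD value falls outside a conservative allowlist. It assumes a proxy in front of the Manager writes JSON access-log records with the hypothetical fields client, uri, x_filename, x_page and x_field; the allowlist and the sample records are constructed for illustration.

```python
import json
import re
from urllib.parse import urlsplit

# Header names and endpoint come from the advisory summary; the log field
# names (client, uri, x_filename, ...) are an assumed JSON access-log layout.
WATCHED_HEADERS = ("x_filename", "x_page", "x_field")
WATCHED_PATH = "/api/plugins"
# Assumption: legitimate values are short and use only these characters.
SAFE_VALUE = re.compile(r"[A-Za-z0-9._ -]{1,128}")

def suspicious_headers(entry):
    """Return the watched headers whose value falls outside the allowlist."""
    hits = {}
    for name in WATCHED_HEADERS:
        value = str(entry.get(name, ""))
        if value in ("", "-"):  # header absent from the request
            continue
        if not SAFE_VALUE.fullmatch(value):
            hits[name] = value
    return hits

def scan(lines):
    """Return (client, path, hits) for plugin-endpoint requests to review."""
    findings = []
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip lines that are not JSON log records
        if not isinstance(entry, dict):
            continue
        path = urlsplit(str(entry.get("uri", ""))).path
        if not path.startswith(WATCHED_PATH):
            continue
        hits = suspicious_headers(entry)
        if hits:
            findings.append((entry.get("client", "?"), path, hits))
    return findings

# Constructed sample records (documentation addresses, not real traffic).
SAMPLE = [
    '{"client":"192.0.2.10","uri":"/api/plugins","x_filename":"report.log","x_page":"1","x_field":"status"}',
    '{"client":"198.51.100.7","uri":"/api/plugins","x_filename":"report.log;id","x_page":"1","x_field":""}',
    '{"client":"198.51.100.7","uri":"/api/plugins?p=1","x_filename":"","x_page":"1|x","x_field":"a b"}',
    '{"client":"203.0.113.5","uri":"/api/status","x_filename":"a;b","x_page":"","x_field":""}',
    "plain text line that is not JSON",
]

if __name__ == "__main__":
    for client, path, hits in scan(SAMPLE):
        print(client, path, hits)
```

A hit is a prompt for review rather than proof of exploitation; tune the allowlist to the header values your own deployment legitimately sends.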

Affected products and versions include:

  • CloudBand Infrastructure Software (CBIS): Version 22
  • Nokia Container Service (NCS): Versions 22.12 and 23.10

A fix for this issue has been provided in:

  • CBIS 22 FP1 MP1.2
  • NCS 22.12 MP3
  • NCS 23.10 MP1

Again, restricting access to the management network with an external firewall can offer partial protection in the meantime.

For organizations using the affected Nokia products, the best course of action is to apply the provided fixes as soon as possible. Both vulnerabilities, if left unaddressed, could lead to significant security risks, including unauthorized access, data breaches, and full system compromise. In addition to patching, you can further reduce risk by restricting access to sensitive systems and endpoints via firewalls and other network security measures.

Additional vulnerability and update information can be found on the product security advisory page.

