CVE-2023-25189
Nokia BTS service operation log information disclosure for network operator administrators

BTS is affected by information disclosure vulnerability where mobile network operator personnel can get access to Nokia BTS service operation log, which contains Nokia Care service personnel performed BTS service operation details.

Nokia Care services BTS equipment using SSH protocol connection to BTS via mobile network solution internal management networks. SSH service access is disabled on BTS when BTS is in normal operational mode and operator personnel enables the BTS SSH access for maintenance window periods.

As a result of BTS design fault, BTS sends the SSH command log – containing Nokia services performed SSH command operations – for network operator used Element Management (EM) GUI admin interface during maintenance window periods (i.e. when SSH access is enabled). This is considered an information disclosure type BTS vulnerability as operator personnel access to Nokia service performed operation details via SSH command logs is not a productized BTS functionality.

This BTS product fault is limited to the internal management network of the mobile network solution. It cannot be exploited from external sources like user devices, roaming networks, or the internet.

Fix has been provided from Nokia Single RAN 24R1 onwards.

• Lena David from Synacktiv
• Geoffrey Bertoli from Synacktiv