Description
If Security Hardening guide rules are not followed, then Nokia WaveLite products allow a local user to create new users with administrative privileges by manipulating a web request. This affects (for example) WaveLite Metro 200 and Fan, WaveLite Metro 200 OPS and Fans, WaveLite Metro 200 and F2B fans, WaveLite Metro 200 OPS and F2B fans, WaveLite Metro 200 NE and F2B fans, and WaveLite Metro 200 NE OPS and F2B fans.
CVSS Metrics
- Vector
- CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
- Attack Vector
- local
- Complexity
- high
- Privileges
- none
- User Action
- none
- Scope
- changed
- Confidentiality
- high
- Integrity
- high
- Availability
- high
- Weaknesses
- NVD-CWE-OtherCWE-284
Metadata
- Primary Vendor
- NOKIA
- Published
- 10/4/2023
- Last Modified
- 11/21/2024
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
nokia : wavelite_metro_200_and_fan_firmwarenokia : wavelite_metro_200_ops_and_fans_firmwarenokia : wavelite_metro_200_and_f2b_fans_firmwarenokia : wavelite_metro_200_ops_and_f2b_fans_firmwarenokia : wavelite_metro_200_ne_and_f2b_fans_firmwarenokia : wavelite_metro_200_ne_ops_and_f2b_fans_firmware
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.