Description
An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext storage of sensitive password in firmware update packages allows attackers to access various appliance services via hardcoded credentials.
CVSS Metrics
- Vector
- CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Attack Vector
- adjacent network
- Complexity
- low
- Privileges
- none
- User Action
- none
- Scope
- unchanged
- Confidentiality
- high
- Integrity
- high
- Availability
- high
- Weaknesses
- CWE-312CWE-798
Metadata
- Primary Vendor
- NOKIA
- Published
- 9/30/2024
- Last Modified
- 5/30/2025
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
nokia : hit_7300_firmware
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.