During my work at Orange I manage to find some vulnerabilities on a sensitive Nokia asset.
Mitre: CVE-2023-29467
I can say that it is a set of three vulnerabilities
- CVE-2023-49564
- CVE-2023-29467
- CVE-2023-49565
That are criticals, CVSS:8.4 up to CVSS:9.4 and they are a chain of 1 authentication bypass and 2 Remote Code Execution resulting in root access on the asset.
And I am glad to have joined the Nokia Hall of Fame for these findings
- CVE-2023-49564
- CVE-2023-29467
- CVE-2023-49565
That are criticals, CVSS:8.4 up to CVSS:9.4 and they are a chain of 1 authentication bypass and 2 Remote Code Execution resulting in root access on the asset.
And I am glad to have joined the Nokia Hall of Fame for these findings