During my work at Orange I manage to find some vulnerabilities on a sensitive Nokia asset.
I can't disclose informations since Nokia has not published on public canals those informations yet.
- Mitre: CVE-2023-49564
I can say that it is a set of three vulnerabilities
- CVE-2023-49564
- CVE-2023-29467
- CVE-2023-49565
That are criticals, CVSS:8.8 up to CVSS:9.0 and they are a chain of 1 authentication bypass and 2 Remote Code Execution resulting in root access on the asset.
And I am glad to have joined the Nokia Hall of Fame for these findings