CVE-2021-45896 – This vulnerability in Nokia FastMile 3TG00118AB... (How to Fix)

Q: What is the severity of CVE-2021-45896?

CVE-2021-45896 has a CVSS score of 8.8 (HIGH). This vulnerability in Nokia FastMile 3TG00118ABAD52 devices allows authenticated users to escalate privileges by manipulating the 'is_ctc_admin=1' parameter in login_web_app.cgi and using the Import Config File feature. This affects users with any level of authenticated access to the device's web interface.

📋 TL;DR

This vulnerability in Nokia FastMile 3TG00118ABAD52 devices allows authenticated users to escalate privileges by manipulating the 'is_ctc_admin=1' parameter in login_web_app.cgi and using the Import Config File feature. This affects users with any level of authenticated access to the device's web interface.

💻 Affected Systems

Products:

Nokia FastMile 3TG00118ABAD52

Versions: All versions prior to patch

Operating Systems: Embedded firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the web administration interface of the device. Requires authenticated access to exploit.

📦 What is this software?

Fastmile Firmware by Nokia

View all CVEs affecting Fastmile Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

An authenticated attacker gains full administrative control over the device, potentially modifying configurations, intercepting traffic, or using the device as a pivot point into the network.

🟠

Likely Case

An authenticated user (including low-privilege users) escalates to administrative privileges to modify device settings or access sensitive information.

🟢

If Mitigated

With proper network segmentation and access controls, impact is limited to the specific device without lateral movement.

🌐 Internet-Facing: HIGH

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploit requires authenticated access but is simple to execute via web parameter manipulation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not publicly available

Restart Required: No

Instructions:

Check Nokia security advisories for firmware updates. If available, download and apply the latest firmware through the device's web interface.

🔧 Temporary Workarounds

Restrict Web Interface Access

all

Limit access to the device's web administration interface to trusted networks only.

Change Default Credentials

all

Ensure all user accounts have strong, unique passwords to reduce risk of initial authentication.

🧯 If You Can't Patch

Segment FastMile devices on isolated network segments
Implement strict firewall rules limiting device management interface access

🔍 How to Verify

Check if Vulnerable:

Access the device web interface, attempt to append '?is_ctc_admin=1' to login_web_app.cgi URL and check if admin privileges are granted.

Check Version:

Check firmware version in device web interface under System Information or similar section.

Verify Fix Applied:

Test the same exploit method after applying any firmware updates to confirm it no longer works.

📡 Detection & Monitoring

Log Indicators:

Unusual admin privilege escalations
Multiple login attempts with parameter manipulation

Network Indicators:

HTTP requests containing 'is_ctc_admin=1' parameter to login_web_app.cgi

SIEM Query:

web.url:*login_web_app.cgi* AND web.querystring:*is_ctc_admin=1*

📊 Metadata

CVE ID: CVE-2021-45896

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Published: December 27, 2021

Last Updated: November 21, 2024

🔗 References

https://eddiez.me/hacking-the-nokia-fastmile/ Exploit,Third Party Advisory
https://gist.github.com/thedroidgeek/80c379aa43b71015d71da130f85a435a Third Party Advisory
https://eddiez.me/hacking-the-nokia-fastmile/ Exploit,Third Party Advisory
https://gist.github.com/thedroidgeek/80c379aa43b71015d71da130f85a435a Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON