CVE-2023-6729
📋 TL;DR
CVE-2023-6729 allows authenticated users with 'access console' privileges on Nokia SR OS routers to gain read-write access to the entire file system via SFTP/SCP, enabling them to modify configuration files and potentially compromise the router. This affects organizations using vulnerable Nokia SR OS router configurations with users granted 'access console' privileges.
💻 Affected Systems
- Nokia SR OS routers
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete router compromise leading to network disruption, data exfiltration, or persistent backdoor installation after reboot.
Likely Case
Unauthorized configuration changes causing service disruption or security policy bypass.
If Mitigated
Limited impact with proper access controls and monitoring in place.
🎯 Exploit Status
Requires authenticated user with 'access console' privilege, but exploitation is straightforward via standard SFTP/SCP clients.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Nokia advisory for specific fixed versions
Vendor Advisory: https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-6729/
Restart Required: Yes
Instructions:
1. Review Nokia security advisory
2. Apply recommended firmware update
3. Reboot router to activate fix
4. Verify file system access controls
🔧 Temporary Workarounds
Remove access console privilege
Remove 'access console' privilege from users who don't require it
configure system security user-profile <profile-name> delete access console
Restrict SFTP/SCP access
Configure access controls to limit SFTP/SCP to authorized users only
configure system security sftp server disable
configure system security scp server disable
🧯 If You Can't Patch
- Remove 'access console' privilege from all non-essential users
- Implement strict network segmentation and monitor for SFTP/SCP activity to vulnerable routers
🔍 How to Verify
Check if Vulnerable:
Check if any users have 'access console' privilege configured:
show system security user-profiles
Check Version:
show version
Verify Fix Applied:
Verify firmware version is patched and test that users with 'access console' cannot access file system via SFTP/SCP
📡 Detection & Monitoring
Log Indicators:
- SFTP/SCP connections from unauthorized users
- File system modification events
- Configuration file changes outside normal maintenance
Network Indicators:
- Unexpected SFTP/SCP traffic to router management interfaces
SIEM Query:
source_ip="router_management_ip" AND (protocol="sftp" OR protocol="scp") AND user="*"
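The log indicators above can be combined into one triage pass. The following is an added example, not part of the original advisory or any Nokia tooling. It assumes router file-transfer logs have already been normalized into records with the hypothetical fields `ts`, `router`, `user`, `protocol`, `action` and `path`. The account names, maintenance window and sample events are constructed.

```python
from datetime import datetime, time

# Assumptions (not from the advisory): the normalized event fields, account
# names and maintenance window below are constructed for illustration.
TRANSFER_ALLOWLIST = {"netops-backup"}           # accounts expected to use SFTP/SCP
MAINT_START, MAINT_END = time(1, 0), time(3, 0)  # approved change window (UTC)
CONFIG_SUFFIXES = (".cfg",)                      # configuration files to watch

SAMPLE_EVENTS = [  # constructed sample events
    {"ts": "2024-01-10T02:15:00", "router": "pe1", "user": "netops-backup",
     "protocol": "sftp", "action": "read", "path": "cf3:/config.cfg"},
    {"ts": "2024-01-10T14:42:00", "router": "pe1", "user": "noc-viewer",
     "protocol": "sftp", "action": "read", "path": "cf3:/config.cfg"},
    {"ts": "2024-01-10T14:43:10", "router": "pe1", "user": "noc-viewer",
     "protocol": "scp", "action": "write", "path": "cf3:/config.cfg"},
    {"ts": "2024-01-10T15:00:00", "router": "pe2", "user": "netops-backup",
     "protocol": "scp", "action": "write", "path": "cf3:/config.cfg"},
    {"ts": "2024-01-10T15:05:00", "router": "pe2", "user": "noc-viewer",
     "protocol": "ssh", "action": "login", "path": ""},
]

def in_maintenance(ts: datetime) -> bool:
    """True when the timestamp falls inside the approved change window."""
    return MAINT_START <= ts.time() < MAINT_END

def triage(events):
    """Return (event, reasons) for each SFTP/SCP event that needs review."""
    findings = []
    for ev in events:
        if ev["protocol"] not in ("sftp", "scp"):
            continue  # CLI sessions are out of scope for this check
        reasons = []
        if ev["user"] not in TRANSFER_ALLOWLIST:
            reasons.append("file transfer by non-allowlisted user")
        is_config = ev["path"].lower().endswith(CONFIG_SUFFIXES)
        if ev["action"] == "write" and is_config \
                and not in_maintenance(datetime.fromisoformat(ev["ts"])):
            reasons.append("config file written outside maintenance window")
        if reasons:
            findings.append((ev, reasons))
    return findings

if __name__ == "__main__":
    for ev, reasons in triage(SAMPLE_EVENTS):
        print(ev["ts"], ev["router"], ev["user"], ev["protocol"], "; ".join(reasons))
```

The allowlist check matters most for this CVE: any account that holds 'access console' but is not expected to transfer files should never appear in SFTP/SCP events at all.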