CVE-2024-25008
📋 TL;DR
Ericsson RAN Compute and Site Controller 6610 has an input validation vulnerability in its Control System that allows authenticated attackers with system administrator privileges to execute arbitrary code, potentially gaining a Linux shell with their existing privileges. This affects telecommunications infrastructure using these specific Ericsson products. Attackers need valid OAM credentials with administrative access to exploit this vulnerability.
💻 Affected Systems
- Ericsson RAN Compute 6610
- Ericsson Site Controller 6610
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An attacker with compromised administrator credentials could execute arbitrary code, potentially taking full control of the system, disrupting cellular network operations, and using the system as a foothold for lateral movement within the telecommunications infrastructure.
Likely Case
A malicious insider or attacker with stolen administrator credentials could execute arbitrary commands, potentially disrupting specific RAN functions, exfiltrating configuration data, or establishing persistence on the system.
If Mitigated
With proper access controls, network segmentation, and monitoring, the impact would be limited to the specific compromised system, with detection likely before significant damage occurs.
🎯 Exploit Status
Exploitation requires valid administrator credentials and knowledge of the vulnerable input validation mechanism. The vulnerability is in the Control System component where improper input validation leads to code execution.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not specified in available information
Vendor Advisory: https://www.ericsson.com/en/about-us/security/psirt/security-bulletin-ericsson-ran-compute-august-2024
Restart Required: Yes
Instructions:
1. Review Ericsson security bulletin for specific patch details. 2. Apply the recommended patch from Ericsson. 3. Restart affected systems as required. 4. Verify patch application and system functionality.
🔧 Temporary Workarounds
Restrict Administrative Access
allLimit OAM user accounts with system administrator role to only essential personnel and implement strict access controls.
Network Segmentation
allIsolate RAN Compute and Site Controller systems from general network access and implement strict firewall rules.
🧯 If You Can't Patch
- Implement strict access controls and monitoring for OAM administrator accounts
- Isolate affected systems in a dedicated network segment with strict ingress/egress filtering
🔍 How to Verify
Check if Vulnerable:
Check system version against Ericsson's security bulletin and verify if running vulnerable Control System component.Check Version:
Consult Ericsson documentation for version checking commands specific to RAN Compute/Site Controller systems.Verify Fix Applied:
Verify patch version installation and test that input validation in Control System properly sanitizes user input.📡 Detection & Monitoring
Log Indicators:
- Unusual command execution patterns
- Multiple failed authentication attempts followed by successful login
- Unexpected system process creation
Network Indicators:
- Unusual outbound connections from RAN systems
- Traffic patterns inconsistent with normal operations
SIEM Query:
source="ran-controller" AND (event_type="command_execution" OR user="admin") AND result="success" | stats count by src_ip, user, command