CVE-2025-24332
📋 TL;DR
This vulnerability allows authenticated administrative users on Nokia Single RAN AirScale baseband systems to access all physical boards after a single login to the baseband system board. The system fails to re-authenticate users when they connect from the system board to capacity boards via the internal bsoc SSH service. This affects organizations using vulnerable versions of Nokia's baseband equipment.
💻 Affected Systems
- Nokia Single RAN AirScale baseband
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An authenticated attacker with administrative privileges could gain unauthorized access to all baseband capacity boards, potentially disrupting cellular network operations, exfiltrating sensitive configuration data, or deploying malicious modifications across the entire baseband system.
Likely Case
An authorized administrator could unintentionally or intentionally access boards beyond their intended scope, leading to configuration errors, unauthorized monitoring, or privilege escalation within the baseband system.
If Mitigated
With proper access controls and updated software, only root-privileged administrators can use the bsoc SSH capability, significantly reducing the attack surface and limiting potential damage.
🎯 Exploit Status
Exploitation requires existing administrative access to the baseband system board, making it an internal threat rather than external.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 23R4-SR 3.0 MP and later
Vendor Advisory: https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2025-24332/
Restart Required: Yes
Instructions:
1. Download the updated software release 23R4-SR 3.0 MP or later from Nokia support portal. 2. Backup current configuration. 3. Apply the software update following Nokia's upgrade procedures. 4. Restart the baseband system to activate the fix. 5. Verify the bsoc SSH service is now restricted to root-privileged administrators only.
🔧 Temporary Workarounds
Restrict administrative access
allLimit administrative access to the baseband system board to only essential, trusted personnel with root privileges.
Monitor bsoc SSH connections
allImplement logging and monitoring for all bsoc SSH connections between baseband boards to detect unauthorized access attempts.
🧯 If You Can't Patch
- Implement strict access controls and least privilege principles for all administrative accounts on the baseband system board.
- Segment network access to the baseband system board and monitor all administrative activities for suspicious behavior.
🔍 How to Verify
Check if Vulnerable:
Check the baseband software version. If it's earlier than 23R4-SR 3.0 MP, the system is vulnerable. Also verify if non-root administrative users can establish bsoc SSH connections to capacity boards.Check Version:
Check the baseband software version through the administrative interface or CLI using vendor-specific commands.Verify Fix Applied:
After updating to 23R4-SR 3.0 MP or later, attempt to use bsoc SSH from a non-root administrative account to connect to capacity boards. This should fail. Only root-privileged accounts should succeed.📡 Detection & Monitoring
Log Indicators:
- Unusual bsoc SSH connection attempts between boards
- Multiple board access events from single administrative session
- Failed authentication attempts for bsoc SSH from non-root accounts
Network Indicators:
- Internal SSH traffic between baseband boards from non-root accounts
- Unexpected SSH key exchanges on the internal backplane
SIEM Query:
source="baseband_logs" AND (event="bsoc_ssh_connection" AND user!="root") OR (event="board_access" AND session_count>1)