A critical authentication bypass vulnerability has been disclosed in Nokia’s CloudBand Infrastructure Software (CBIS) and Nokia Container Service (NCS) platforms. The flaw, rated 9.6 in severity, allows an unauthenticated attacker to gain complete administrative access to the management API by sending a specially crafted HTTP header. Successful exploitation could lead to the full compromise of sensitive telecom infrastructure, enabling attackers to alter network configurations or inject malicious code. The vulnerability resides in the API's failure to properly validate custom headers within its authentication layer. Nokia has released patches and urges administrators to apply them immediately while also restricting network access to the vulnerable management interfaces.
Latest mentioned: 09-19
Earliest mentioned: 09-19