CVE-2024-25008

Summary

Ericsson RAN Compute and Site Controller 6610 contains a vulnerability in the Control System where Improper Input Validation can lead to arbitrary code execution, for example to obtain a Linux Shell with the same privileges as the attacker. The attacker would require elevated privileges for example a valid OAM user having the system administrator role to exploit the vulnerability.

Affected Software

VendorProductVersion RangeStatus
EricssonEricsson RAN Compute Basebands (all BB variants)0 < 24.Q2affected
EricssonSite Controller 66100 < 24.Q2affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References