Title: RETIRED: Nokia Siemens Networks Flexi ISN Multiple Authentication Bypass Vulnerabilities
Severity: HIGH
Description:
Nokia Siemens Networks Flexi ISN (Intelligent Service Node) is a General Packet Radio Service (GPRS) network device used for P2P traffic management and data charging.
The device is prone to multiple authentication-bypass vulnerabilities because its web-based management interface application fails to restrict access to the following administrative scripts:
'cgi-bin/aaa.tcl?'
'cgi-bin/aggr_config.tcl?'
'opt/cgi-bin/ggsn/cgi.tcl': 'page' parameter
'opt/cgi-bin/services.tcl': 'instance' parameter
An attacker can exploit these issues to gain unauthorized access to the affected device, which may lead to other attacks.
These issues affect Flexi ISN 3.1; other devices or versions may also be vulnerable.
UPDATE (April 6, 2009): This issue is disputed. Reports indicate that the device is not vulnerable as described. We will update this BID as more information emerges.
NOTE: This BID is being retired because the vulnerability cannot be exploited as described.
Affected Products:
- Nokia Siemens Networks Flexi ISN 3.1
References:
- Nokia Siemens Networks: Vendor Homepage
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
