Improper configuration of the SSH service in Infinera MTC-9 allows an unauthenticated attacker to execute arbitrary commands and access data on file system . This issue affects MTC-9: from R22.1.1.0275 before R23.0.
The SSH service on the MTC-9 device is improperly configured in a way that bypasses required authentication mechanisms (CWE-306 – missing critical identity verification). An attacker can contact the SSH service over the network without providing any credentials and gain the ability to execute system commands. The result is full access to the device's file system and the ability to run arbitrary commands from a network connection.
An unauthenticated attacker can remotely execute arbitrary commands on the device and read, modify, or delete data from the file system, leading to complete device takeover and violation of data confidentiality, integrity, and availability.
Nokia Infinera MTC-9 firmware should be updated to version R23.0 or later. According to the description, the vulnerability was fixed in version R23.0. Until the patch is deployed, it is recommended to restrict network access to the SSH service on MTC-9 devices using firewall rules or network segmentation.
Nokia Infinera MTC-9 with firmware versions from R22.1.1.0275 to R23.0 (excluded).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HNokia Infinera Mtc 9
HWNokiawszystkie wersjeNokia Infinera Mtc 9 Firmware
OSNokia22.1.1.0275 – 23.0 (bez)
Related vulnerabilities
Nokia Infinera MTC-9: dostęp bez hasła przez usługę RSH umożliwia reverse shell
Server-Side Request Forgery (SSRF) vulnerability in Infinera MTC-9 version allows remote unauthenticated user...
Improper Input Validation vulnerability in Infinera MTC-9 allows remote unauthenticated users to crash the ser...
Improper input validation in the Netconf service in Infinera MTC-9 allows remote authenticated users to crash ...
Command injection w Nokia Wavesuite NOC — RCE przez aplikację webową