Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-6728

Summary
Assigner-Nokia
Assigner Org ID-b48c3b8f-639e-4c16-8725-497bc411dad0
Published At-17 Oct, 2024 | 12:16
Updated At-05 Nov, 2024 | 19:32
Rejected At-
Credits

Nokia SR OS: BOF File Encryption Vulnerability

Nokia SR OS bof.cfg file encryption is vulnerable to a brute force attack. This weakness allows an attacker in possession of the encrypted file to decrypt the bof.cfg file and obtain the BOF configuration content.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Nokia
Assigner Org ID:b48c3b8f-639e-4c16-8725-497bc411dad0
Published At:17 Oct, 2024 | 12:16
Updated At:05 Nov, 2024 | 19:32
Rejected At:
▼CVE Numbering Authority (CNA)
Nokia SR OS: BOF File Encryption Vulnerability

Nokia SR OS bof.cfg file encryption is vulnerable to a brute force attack. This weakness allows an attacker in possession of the encrypted file to decrypt the bof.cfg file and obtain the BOF configuration content.

Affected Products
Vendor
Nokia CorporationNokia
Product
SR OS (7250 IXR, 7450 ESS, 7750 SR, 7950 IXR, VSR), 7705 SAR OS, 7210 SAS OS
Versions
Affected
  • All supported releases prior to Release 24
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-6728/
N/A
Hyperlink: https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-6728/
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-326CWE-326 Inadequate Encryption Strength
Type: CWE
CWE ID: CWE-326
Description: CWE-326 Inadequate Encryption Strength
Metrics
VersionBase scoreBase severityVector
3.13.3LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Version: 3.1
Base score: 3.3
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:b48c3b8f-639e-4c16-8725-497bc411dad0
Published At:17 Oct, 2024 | 13:15
Updated At:05 Nov, 2024 | 20:35

Nokia SR OS bof.cfg file encryption is vulnerable to a brute force attack. This weakness allows an attacker in possession of the encrypted file to decrypt the bof.cfg file and obtain the BOF configuration content.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.13.3LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 3.3
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-326Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-326
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-6728/b48c3b8f-639e-4c16-8725-497bc411dad0
N/A
Hyperlink: https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-6728/
Source: b48c3b8f-639e-4c16-8725-497bc411dad0
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

3Records found
CVE-2025-24334
Matching Score-8
Assigner-Nokia
ShareView Details
Matching Score-8
Assigner-Nokia
CVSS Score-3.3||LOW
EPSS-0.01% / 2.03%
||
7 Day CHG~0.00%
Published-02 Jul, 2025 | 08:34
Updated-03 Jul, 2025 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
The Nokia Single RAN baseband reveals its software version through the MNO internal RAN management network

The Nokia Single RAN baseband software earlier than 23R2-SR 1.0 MP can be made to reveal the exact software release version by sending a specific HTTP POST request through the Mobile Network Operator (MNO) internal RAN management network.

Action-Not Available
Vendor-Nokia Corporation
Product-Nokia Single RAN
CWE ID-CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2022-46825
Matching Score-4
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-4
Assigner-JetBrains s.r.o.
CVSS Score-4||MEDIUM
EPSS-0.00% / 0.01%
||
7 Day CHG~0.00%
Published-08 Dec, 2022 | 17:37
Updated-23 Apr, 2025 | 14:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked information about open projects.

Action-Not Available
Vendor-JetBrains s.r.o.
Product-intellij_ideaIntelliJ IDEA
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2023-31135
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-3.3||LOW
EPSS-0.04% / 10.24%
||
7 Day CHG~0.00%
Published-17 May, 2023 | 17:04
Updated-22 Jan, 2025 | 16:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dgraph Audit Log Encryption nonce reuse

Dgraph is an open source distributed GraphQL database. Existing Dgraph audit logs are vulnerable to brute force attacks due to nonce collisions. The first 12 bytes come from a baseIv which is initialized when an audit log is created. The last 4 bytes come from the length of the log line being encrypted. This is problematic because two log lines will often have the same length, so due to these collisions we are reusing the same nonce many times. All audit logs generated by versions of Dgraph <v23.0.0 are affected. Attackers must have access to the system the logs are stored on. Dgraph users should upgrade to v23.0.0. Users unable to upgrade should store existing audit logs in a secure location and for extra security, encrypt using an external tool like `gpg`.

Action-Not Available
Vendor-dgraphdgraph-io
Product-dgraphdgraph
CWE ID-CWE-326
Inadequate Encryption Strength
Details not found