CVE-2021-31932
Nokia Transport Module Authentication Bypass
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Nokia BTS TRS web console FTM_W20_FP2_2019.08.16_0010 allows Authentication Bypass. A malicious unauthenticated user can get access to all the functionalities exposed via the web panel, circumventing the authentication process, by using URL encoding for the . (dot) character.
La consola web Nokia BTS TRS versión FTM_W20_FP2_2019.08.16_0010 permite una omisión de autenticación. Un usuario malicioso no autenticado puede conseguir acceso a todas las funcionalidades expuestas por el panel web, omitiendo el proceso de autenticación, mediante el uso de la codificación de la URL para el carácter . (punto)
The TRS web console allows an authenticated user to remotely manage the BTS and its configuration. Analysis discovered an authentication bypass vulnerability in the web management console. BTS TRS web console version FTM_W20_FP2_2019.08.16_0010 is affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-04-30 CVE Reserved
- 2022-02-11 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2024-10-27 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| http://packetstormsecurity.com/files/165964/Nokia-Transport-Module-Authentication-Bypass.html | 2024-08-03 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Nokia Search vendor "Nokia" | Bts Trs Web Console Search vendor "Nokia" for product "Bts Trs Web Console" | ftm_w20_fp2_2019.08.16_0010 Search vendor "Nokia" for product "Bts Trs Web Console" and version "ftm_w20_fp2_2019.08.16_0010" | - |
Affected
| ||||||