Zero-Login Threat: Nokia CBIS & NCS Manager API Allows Auth Bypass Threat Analysis Report — By CyberDudeBivash

Date: September 20, 2025 (IST)
Author: CyberDudeBivash

Executive summary

Nokia disclosed CVE-2023-49564, a critical authentication bypass in the CBIS/NCS Manager API. A specially crafted HTTP header can trick the service and grant unauthenticated access to restricted API functions. Nokia rates this CVSS 9.6 (AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Access is typically limited to the management network (adjacent), but impact spans confidentiality, integrity, availability at the control plane of telecom cloud infrastructure. A fix is available. Source: Nokia Corporation | Nokia

Related: Nokia also published CVE-2023-49565 (RCE) in the same stack, exploitable via the /api/plugins path with unsanitized headers; fixed builds are available. Defenders should assume chaining is possible in real-world attempts. Source: Nokia Corporation | Nokia

What's vulnerable & versions

CloudBand Infrastructure Software (CBIS): CBIS 22 affected. Fixed in CBIS 22 FP1 MP1.2...
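For the exposure described in the executive summary, the following added example (not code from the original report or from Nokia) triages access logs for successful Manager API calls that carry no authenticated user, and for any /api/plugins request from outside an admin allowlist. The log format (a reverse proxy writing combined-format lines), the admin range, and every path other than /api/plugins are assumptions made for illustration.

```python
import ipaddress
import re

# Assumption: a reverse proxy in front of the Manager API writes combined-format
# access logs; the third field is the authenticated user ("-" when none).
LINE_RE = re.compile(
    r'(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Assumption: hosts allowed to administer the manager (constructed example range).
ADMIN_NETS = [ipaddress.ip_network("10.20.0.0/28")]

def is_admin_host(src):
    """True when src parses as an IP address inside an allowlisted admin network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in ADMIN_NETS)

def triage(lines):
    """Return (reason, src, path) findings for lines worth an analyst's review."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skipped here, count these in production
        path = m["path"].split("?", 1)[0]
        if not path.startswith("/api/"):
            continue
        # A 2xx answer on an API path with no authenticated user is the
        # observable symptom of an authentication bypass.
        if m["status"].startswith("2") and m["user"] == "-":
            findings.append(("api-success-without-auth", m["src"], path))
        # /api/plugins is the path the report names for CVE-2023-49565.
        if path.startswith("/api/plugins") and not is_admin_host(m["src"]):
            findings.append(("plugins-from-non-admin-host", m["src"], path))
    return findings

# Constructed sample log lines (not taken from a real system).
SAMPLE = [
    '10.20.0.5 - admin [20/Sep/2025:10:00:01 +0530] "GET /api/clusters HTTP/1.1" 200 512',
    '10.20.0.77 - - [20/Sep/2025:10:02:13 +0530] "GET /api/clusters HTTP/1.1" 200 512',
    '10.20.0.77 - - [20/Sep/2025:10:02:15 +0530] "POST /api/plugins/run HTTP/1.1" 200 64',
    '10.20.0.77 - - [20/Sep/2025:10:02:20 +0530] "GET /api/clusters HTTP/1.1" 401 0',
    '10.20.0.5 - admin [20/Sep/2025:10:05:00 +0530] "GET /login HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Findings from the same source within a short window, such as an unauthenticated success followed by a /api/plugins hit, fit the chaining scenario the report tells defenders to assume.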