CNNVD-202509-3031 Information

Sep 18, 2025 cve

CNNVD ID

CNNVD-202509-3031

CVE-2023-49565

CNNVD Published: 2025-09-18

Description (Chinese)

Nokia CloudBand Infrastructure Software和Nokia Container Service都是芬兰诺基亚（Nokia）公司的产品。Nokia CloudBand Infrastructure Software是一款用于支撑网络功能虚拟化的平台。Nokia Container Service是一个容器管理服务。 Nokia CloudBand Infrastructure Software和Nokia Container Service存在安全漏洞，该漏洞源于对HTTP标头X-FILENAME、X-PAGE和X-FIELD清理不当，可能导致远程命令执行攻击。

Description (English)

Nokia CloudBand Infrastructure Software and Nokia Container Service are products of the Finnish company Nokia. Nokia CloudBand Infrastructure Software is a platform to support virtualization of network functions. Nokia Container Service is a container management service. There is a security loophole between Nokia CloudBand Infrastructure Software and Nokia Container Service, which stems from the improper clean-up of HTTP markers X-FILENAME, X-PAGE and X-FIELLD, which could lead to a remote command-enforcement attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

诺基亚

Published

2025-09-18

Last Modified

2026-02-24

References

https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/CVE-2023-49565/

Patch

https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/CVE-2023-49565/

Share on: