Nokia CBIS/NCS Manager API Vulnerability Let Attackers Bypass Authentication

1.0Cyber Security Newshttps://cybersecuritynews.comNokia CBIS/NCS Manager API Vulnerability Let Attackers Bypass Authenticationrich600338<blockquote class="wp-embedded-content" data-secret="Q5ciIvo4md"><a href="https://cybersecuritynews.com/nokia-cbis-ncs-manager-api-vulnerability/">Nokia CBIS/NCS Manager API Vulnerability Let Attackers Bypass Authentication</a></blockquote><iframe sandbox="allow-scripts" security="restricted" src="https://cybersecuritynews.com/nokia-cbis-ncs-manager-api-vulnerability/embed/#?secret=Q5ciIvo4md" width="600" height="338" title="“Nokia CBIS/NCS Manager API Vulnerability Let Attackers Bypass Authentication” — Cyber Security News" data-secret="Q5ciIvo4md" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" class="wp-embedded-content"></iframe><script type="text/javascript"> /* <![CDATA[ */ /*! This file is auto-generated */ !function(d,l){"use strict";l.querySelector&&d.addEventListener&&"undefined"!=typeof URL&&(d.wp=d.wp||{},d.wp.receiveEmbedMessage||(d.wp.receiveEmbedMessage=function(e){var t=e.data;if((t||t.secret||t.message||t.value)&&!/[^a-zA-Z0-9]/.test(t.secret)){for(var s,r,n,a=l.querySelectorAll('iframe[data-secret="'+t.secret+'"]'),o=l.querySelectorAll('blockquote[data-secret="'+t.secret+'"]'),c=new RegExp("^https?:$","i"),i=0;i<o.length;i++)o[i].style.display="none";for(i=0;i<a.length;i++)s=a[i],e.source===s.contentWindow&&(s.removeAttribute("style"),"height"===t.message?(1e3<(r=parseInt(t.value,10))?r=1e3:~~r<200&&(r=200),s.height=r):"link"===t.message&&(r=new URL(s.getAttribute("src")),n=new URL(t.value),c.test(n.protocol))&&n.host===r.host&&l.activeElement===s&&(d.top.location.href=t.value))}},d.addEventListener("message",d.wp.receiveEmbedMessage,!1),l.addEventListener("DOMContentLoaded",function(){for(var e,t,s=l.querySelectorAll("iframe.wp-embedded-content"),r=0;r<s.length;r++)(t=(e=s[r]).getAttribute("data-secret"))||(t=Math.random().toString(36).substring(2,12),e.src+="#?secret="+t,e.setAttribute("data-secret",t)),e.contentWindow.postMessage({message:"ready",secret:t},"*")},!1)))}(window,document); /* ]]> */ </script> https://i3.wp.com/blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjxS8snuydtu3zfEyYsQRJ8wm-XVqoO3y4ZGoavMx0s3B37fIe-EZ4Zk0MIOYUO9wTZ3KYOx5wyU1TqKykr06ZyBxYeO0d7Pbgmm4uayPVEDAvRrilllxYHNl6AZ941HbUhFT0HhSONSgo82T-j4OmsduMl4tCkK8QqziaJJiYApmdYHtHArIKLt_q_Tm0/s16000/Nokia%20CBIS%20-%20NCS%20Manager%20API%20Vulnerability%20Let%20Attackers%20Bypass%20Authentication.webp?w=600&resize=600,0&ssl=16000A critical authentication bypass vulnerability has emerged in Nokia’s CloudBand Infrastructure Software (CBIS) and Nokia Container Service (NCS) Manager API, designated as CVE-2023-49564. This high-severity flaw, scoring 9.6 on the CVSS v3.1 scale, enables unauthorized attackers to circumvent authentication mechanisms through specially crafted HTTP headers, potentially granting complete access to restricted API endpoints without valid […]