CVE-2022-45899

MEDIUM

Nokia BMC <13.1 - Command Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-45899. PoCs published by Carlos Andres Gonzalez_ Matthew Gregory.

AI-analyzed exploit summary The exploit describes a command injection vulnerability in Nokia BMC Log Scanner version 13, allowing unauthenticated remote code execution as root via the Search Pattern field. The vulnerability is fixed in version 13.1.

Description

Nokia Broadcast Message Center (BMC) before 13.1 allows an unauthenticated remote attacker to do OS command injection as root via shell metacharacters in the Log Scanner Search Pattern field.

Exploits (1)

exploitdb WRITEUP

by Carlos Andres Gonzalez_ Matthew Gregory · textwebappslinux

https://www.exploit-db.com/exploits/51896

View Code ZIP pw:eip

The exploit describes a command injection vulnerability in Nokia BMC Log Scanner version 13, allowing unauthenticated remote code execution as root via the Search Pattern field. The vulnerability is fixed in version 13.1.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Nokia BMC Log Scanner version 13

No auth needed

Prerequisites: Access to the BMC Log Scanner web application

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed May 08, 2026 Full analysis →

References (2)

Core 2

Core References

https://nokia.com

https://www.exploit-db.com/exploits/51896

Scores

CVSS v3 6.5

EPSS 0.0049

EPSS Percentile 65.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-78

Status published

Published May 08, 2026

Tracked Since May 08, 2026