CVE-2022-2482

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-2482
A vulnerability exists in Nokia’s ASIK AirScale system module (versions 474021A.101 and 474021A.102) that could allow an attacker to place a script on the file system accessible from Linux. A script placed in the appropriate place could allow for arbitrary code execution in the bootloader.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.0 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-02 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:nokia:asik_airscale_474021a.102_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nokia:asik_airscale_474021a.102:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:nokia:asik_airscale_474021a.101_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nokia:asik_airscale_474021a.101:-:*:*:*:*:*:*:*
History

07 Nov 2023, 03:46

Type Values Removed Values Added
Summary A vulnerability exists in Nokia’s ASIK AirScale system module (versions 474021A.101 and 474021A.102) that could allow an attacker to place a script on the file system accessible from Linux. A script placed in the appropriate place could allow for arbitrary code execution in the bootloader. A vulnerability exists in Nokia’s ASIK AirScale system module (versions 474021A.101 and 474021A.102) that could allow an attacker to place a script on the file system accessible from Linux. A script placed in the appropriate place could allow for arbitrary code execution in the bootloader.

12 Jan 2023, 20:47

Type Values Removed Values Added
References (MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-02 - (MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-02 - Third Party Advisory, US Government Resource
First Time Nokia asik Airscale 474021a.101 Firmware
Nokia
Nokia asik Airscale 474021a.102
Nokia asik Airscale 474021a.101
Nokia asik Airscale 474021a.102 Firmware
CPE cpe:2.3:o:nokia:asik_airscale_474021a.101_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:nokia:asik_airscale_474021a.102_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nokia:asik_airscale_474021a.101:-:*:*:*:*:*:*:*
cpe:2.3:h:nokia:asik_airscale_474021a.102:-:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.8

06 Jan 2023, 22:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-01-06 22:15

Updated : 2023-12-10 14:48

NVD link : CVE-2022-2482

Mitre link : CVE-2022-2482

CVE.ORG link : CVE-2022-2482

JSON object : View

Products Affected

nokia

  • asik_airscale_474021a.102
  • asik_airscale_474021a.101
  • asik_airscale_474021a.101_firmware
  • asik_airscale_474021a.102_firmware
CWE
CWE-1274

Insufficient Protections on the Volatile Memory Containing Boot Code