Lucene search

IcscertCVELIST:CVE-2022-2483

HistoryJan 06, 2023 - 9:04 p.m.

CVE-2022-2483

2023-01-0621:04:52

CWE-1282

icscert

www.cve.org

nokia asik airscale

bootloader

secure boot

firmware verification

flash contents

CVSS3

8.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

Percentile

10.8%

JSON

The bootloader in the Nokia ASIK AirScale system module (versions 474021A.101 and 474021A.102) loads public keys for firmware verification signature. If an attacker modifies the flash contents to corrupt the keys, secure boot could be permanently disabled on a given device.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ASIK AirScale ",
    "vendor": "Nokia",
    "versions": [
      {
        "status": "affected",
        "version": "474021A.101"
      },
      {
        "status": "affected",
        "version": "474021A.102"
      }
    ]
  }
]

References

www.cisa.gov/uscert/ics/advisories/icsa-22-307-02

CVSS3

8.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

Percentile

10.8%

JSON

Related for CVELIST:CVE-2022-2483