CVE-2022-2483

2023-01-0622:15:09

CWE-1282

[email protected]

web.nvd.nist.gov

nokia

asik airscale

bootloader

firmware verification

secure boot

vulnerability

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

Percentile

10.8%

JSON

The bootloader in the Nokia ASIK AirScale system module (versions 474021A.101 and 474021A.102) loads public keys for firmware verification signature. If an attacker modifies the flash contents to corrupt the keys, secure boot could be permanently disabled on a given device.

Affected configurations

Nvd

Node

nokiaasik_airscale_474021a.102_firmwareMatch-

AND

nokiaasik_airscale_474021a.102Match-

Node

nokiaasik_airscale_474021a.101_firmwareMatch-

AND

nokiaasik_airscale_474021a.101Match-

VendorProductVersionCPE
nokiaasik_airscale_474021a.102_firmware-cpe:2.3:o:nokia:asik_airscale_474021a.102_firmware:-:*:*:*:*:*:*:*
nokiaasik_airscale_474021a.102-cpe:2.3:h:nokia:asik_airscale_474021a.102:-:*:*:*:*:*:*:*
nokiaasik_airscale_474021a.101_firmware-cpe:2.3:o:nokia:asik_airscale_474021a.101_firmware:-:*:*:*:*:*:*:*
nokiaasik_airscale_474021a.101-cpe:2.3:h:nokia:asik_airscale_474021a.101:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nokia	asik_airscale_474021a.102_firmware	-	cpe:2.3:o:nokia:asik_airscale_474021a.102_firmware:-:::::::*
nokia	asik_airscale_474021a.102	-	cpe:2.3:h:nokia:asik_airscale_474021a.102:-:::::::*
nokia	asik_airscale_474021a.101_firmware	-	cpe:2.3:o:nokia:asik_airscale_474021a.101_firmware:-:::::::*
nokia	asik_airscale_474021a.101	-	cpe:2.3:h:nokia:asik_airscale_474021a.101:-:::::::*