8.4
CVE-2022-2483
- EPSS 0.03%
- Veröffentlicht 06.01.2023 22:15:09
- Zuletzt bearbeitet 21.11.2024 07:01:05
- Quelle ics-cert@hq.dhs.gov
- Teams Watchlist Login
- Unerledigt Login
The bootloader in the Nokia ASIK AirScale system module (versions 474021A.101 and 474021A.102) loads public keys for firmware verification signature. If an attacker modifies the flash contents to corrupt the keys, secure boot could be permanently disabled on a given device.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Nokia ≫ Asik Airscale 474021a.102 Firmware Version-
Nokia ≫ Asik Airscale 474021a.101 Firmware Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.055 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.1 | 1.8 | 5.2 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
|
| ics-cert@hq.dhs.gov | 8.4 | 2 | 5.8 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
|
CWE-1282 Assumed-Immutable Data is Stored in Writable Memory
Immutable data, such as a first-stage bootloader, device identifiers, and "write-once" configuration settings are stored in writable memory that can be re-programmed or updated in the field.