CVE-2022-2483

EPSS 0.03%
Published 06.01.2023 22:15:09
Last modified 21.11.2024 07:01:05
Source ics-cert@hq.dhs.gov
Teams watchlist Login
Open Login

The bootloader in the Nokia ASIK AirScale system module (versions 474021A.101 and 474021A.102) loads public keys for firmware verification signature. If an attacker modifies the flash contents to corrupt the keys, secure boot could be permanently disabled on a given device.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Nokia ≫ Asik Airscale 474021a.102 Firmware Version-

Nokia ≫ Asik Airscale 474021a.102 Version-

Nokia ≫ Asik Airscale 474021a.101 Firmware Version-

Nokia ≫ Asik Airscale 474021a.101 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.055

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.1	1.8	5.2	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
ics-cert@hq.dhs.gov	8.4	2	5.8	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

CWE-1282 Assumed-Immutable Data is Stored in Writable Memory

Immutable data, such as a first-stage bootloader, device identifiers, and "write-once" configuration settings are stored in writable memory that can be re-programmed or updated in the field.

https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-02

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2022-2483

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-2483

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-2483

EUVD