CVE-2022-2482

8.4HIGH

Key Information

Vendor
Nokia
Status
Asik Airscale
Vendor
CVE Published:
6 January 2023

Summary

A vulnerability exists in Nokia’s ASIK AirScale system module (versions 474021A.101 and 474021A.102) that could allow an attacker to place a script on the file system accessible from Linux. A script placed in the appropriate place could allow for arbitrary code execution in the bootloader.

Affected Version(s)

ASIK AirScale = 474021A.101

ASIK AirScale = 474021A.102

CVSS V3.1

Score:
8.4
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Risk change from: 8.8 to: 8.4 - (HIGH)

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD DatabaseMitre Database

Credit

Joel Cretan
Red Balloon Security
.