CVE-2022-2483

8.4HIGH

Key Information

Vendor
Nokia
Status
Asik Airscale
Vendor
CVE Published:
6 January 2023

Summary

The bootloader in the Nokia ASIK AirScale system module (versions 474021A.101 and 474021A.102) loads public keys for firmware verification signature. If an attacker modifies the flash contents to corrupt the keys, secure boot could be permanently disabled on a given device.

Affected Version(s)

ASIK AirScale = 474021A.101

ASIK AirScale = 474021A.102

CVSS V3.1

Score:
8.4
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Risk change from: 7.1 to: 8.4 - (HIGH)

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD DatabaseMitre Database

Credit

Joel Cretan
Red Balloon Security
.