CVSS: 8.4EPSS: 0%CPEs: 4EXPL: 0CVE-2022-2483
https://notcve.org/view.php?id=CVE-2022-2483
06 Jan 2023 — The bootloader in the Nokia ASIK AirScale system module (versions 474021A.101 and 474021A.102) loads public keys for firmware verification signature. If an attacker modifies the flash contents to corrupt the keys, secure boot could be permanently disabled on a given device. El gestor de arranque en el módulo del sistema Nokia ASIK AirScale (versiones 474021A.101 y 474021A.102) carga claves públicas para la firma de verificación del firmware. Si un atacante modifica el contenido flash para dañar las claves, ... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-02 • CWE-1282: Assumed-Immutable Data is Stored in Writable Memory •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-2482
https://notcve.org/view.php?id=CVE-2022-2482
06 Jan 2023 — A vulnerability exists in Nokia’s ASIK AirScale system module (versions 474021A.101 and 474021A.102) that could allow an attacker to place a script on the file system accessible from Linux. A script placed in the appropriate place could allow for arbitrary code execution in the bootloader. Existe una vulnerabilidad en el módulo del sistema ASIK AirScale de Nokia (versiones 474021A.101 y 474021A.102) que podría permitir a un atacante colocar un script en el sistema de archivos accesible desde Linux. Un scrip... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-02 • CWE-1274: Improper Access Control for Volatile Memory Containing Boot Code •