CVE-2022-2483
Severity Score
7.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The bootloader in the Nokia ASIK AirScale system module (versions 474021A.101 and 474021A.102) loads public keys for firmware verification signature. If an attacker modifies the flash contents to corrupt the keys, secure boot could be permanently disabled on a given device.
El gestor de arranque en el módulo del sistema Nokia ASIK AirScale (versiones 474021A.101 y 474021A.102) carga claves públicas para la firma de verificación del firmware. Si un atacante modifica el contenido flash para dañar las claves, el arranque seguro podría desactivarse permanentemente en un dispositivo determinado.
*Credits:
Joel Cretan, Red Balloon Security
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-07-19 CVE Reserved
- 2023-01-06 CVE Published
- 2024-07-29 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-1282: Assumed-Immutable Data is Stored in Writable Memory
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-02 | Government Resource |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Nokia Search vendor "Nokia" | Asik Airscale 474021a.102 Firmware Search vendor "Nokia" for product "Asik Airscale 474021a.102 Firmware" | - | - |
Affected
| in | Nokia Search vendor "Nokia" | Asik Airscale 474021a.102 Search vendor "Nokia" for product "Asik Airscale 474021a.102" | - | - |
Safe
|
| Nokia Search vendor "Nokia" | Asik Airscale 474021a.101 Firmware Search vendor "Nokia" for product "Asik Airscale 474021a.101 Firmware" | - | - |
Affected
| in | Nokia Search vendor "Nokia" | Asik Airscale 474021a.101 Search vendor "Nokia" for product "Asik Airscale 474021a.101" | - | - |
Safe
|