CVE-2022-2483

The bootloader in the Nokia ASIK AirScale system module (versions 474021A.101 and 474021A.102) loads public keys for firmware verification signature. If an attacker modifies the flash contents to corrupt the keys, secure boot could be permanently disabled on a given device.

CVSS v3 8.4 HIGH

8.4^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.0 / Impact : 5.8

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-02	Third Party Advisory US Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-02	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:nokia:asik_airscale_474021a.102_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nokia:asik_airscale_474021a.102:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:nokia:asik_airscale_474021a.101_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nokia:asik_airscale_474021a.101:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:01

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~7.1~~	v2 : unknown v3 : 8.4
References	~~() https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-02 - Third Party Advisory, US Government Resource~~	() https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-02 - Third Party Advisory, US Government Resource
Summary		(es) El gestor de arranque en el módulo del sistema Nokia ASIK AirScale (versiones 474021A.101 y 474021A.102) carga claves públicas para la firma de verificación del firmware. Si un atacante modifica el contenido flash para dañar las claves, el arranque seguro podría desactivarse permanentemente en un dispositivo determinado.

Information

Published : 2023-01-06 22:15

Updated : 2024-11-21 07:01

NVD link : CVE-2022-2483

Mitre link : CVE-2022-2483

CVE.ORG link : CVE-2022-2483

JSON object : View

Products Affected

nokia

asik_airscale_474021a.102_firmware
asik_airscale_474021a.101_firmware
asik_airscale_474021a.102
asik_airscale_474021a.101

CWE

CWE-1282

Assumed-Immutable Data is Stored in Writable Memory

{"id": "CVE-2022-2483", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 5.8, "exploitabilityScore": 2.0}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 1.8}]}, "published": "2023-01-06T22:15:09.167", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-02", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-02", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-1282"}]}], "descriptions": [{"lang": "en", "value": "\nThe bootloader in the Nokia ASIK AirScale system module (versions 474021A.101 and 474021A.102) loads public keys for firmware verification signature. If an attacker modifies the flash contents to corrupt the keys, secure boot could be permanently disabled on a given device.\n\n"}, {"lang": "es", "value": "El gestor de arranque en el m\u00f3dulo del sistema Nokia ASIK AirScale (versiones 474021A.101 y 474021A.102) carga claves p\u00fablicas para la firma de verificaci\u00f3n del firmware. Si un atacante modifica el contenido flash para da\u00f1ar las claves, el arranque seguro podr\u00eda desactivarse permanentemente en un dispositivo determinado."}], "lastModified": "2024-11-21T07:01:05.267", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nokia:asik_airscale_474021a.102_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB6EED50-DC10-46C4-905F-45D7E92B8AA3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nokia:asik_airscale_474021a.102:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5F80584F-0E62-459D-8DEC-59D9CA01C0E9"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nokia:asik_airscale_474021a.101_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "248B23EE-D2EE-4B6A-9FD6-C059E1709968"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nokia:asik_airscale_474021a.101:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A685A9FC-9938-49D3-A71C-89E8E88F3770"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}