OpenCVE

A vulnerability exists in Nokia’s ASIK AirScale system module (versions 474021A.101 and 474021A.102) that could allow an attacker to place a script on the file system accessible from Linux. A script placed in the appropriate place could allow for arbitrary code execution in the bootloader.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Nokia	Asik Airscale 474021a.101 Asik Airscale 474021a.101 Firmware Asik Airscale 474021a.102 Asik Airscale 474021a.102 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:nokia:asik_airscale_474021a.102_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nokia:asik_airscale_474021a.102:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:nokia:asik_airscale_474021a.101_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nokia:asik_airscale_474021a.101:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-02

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2023-01-06T21:03:42.655Z

Updated: 2024-08-03T00:39:07.824Z

Reserved: 2022-07-19T21:40:09.334Z

Link: CVE-2022-2482

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-01-06T22:15:09.077

Modified: 2024-11-21T07:01:05.100

Link: CVE-2022-2482

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-2482", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2022-07-19T21:40:09.334Z", "datePublished": "2023-01-06T21:03:42.655Z", "dateUpdated": "2024-08-03T00:39:07.824Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ASIK AirScale ", "vendor": "Nokia", "versions": [{"status": "affected", "version": "474021A.101"}, {"status": "affected", "version": "474021A.102"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Joel Cretan"}, {"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Red Balloon Security"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">A vulnerability exists in Nokia\u2019s ASIK AirScale system module (versions 474021A.101 and 474021A.102) that could allow an attacker to place a script on the file system accessible from Linux. A script placed in the appropriate place could allow for arbitrary code execution in the bootloader.</span>\n\n"}], "value": "\nA vulnerability exists in Nokia\u2019s ASIK AirScale system module (versions 474021A.101 and 474021A.102) that could allow an attacker to place a script on the file system accessible from Linux. A script placed in the appropriate place could allow for arbitrary code execution in the bootloader.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1274", "description": "CWE-1274 Improper Access Control for Volatile Memory Containing Boot Code", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2023-01-06T21:03:42.655Z"}, "references": [{"tags": ["government-resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-02"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<p>Nokia has released technical support notes containing mitigation instructions for impacted Nokia users. Users should <a target=\"_blank\" rel=\"nofollow\" href=\"https://customer.nokia.com/support/s/\">contact Nokia</a> to receive further information.</p>"}], "value": "\nNokia has released technical support notes containing mitigation instructions for impacted Nokia users. Users should contact Nokia https://customer.nokia.com/support/s/ \u00a0to receive further information.\n\n"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:39:07.824Z"}, "title": "CVE Program Container", "references": [{"tags": ["government-resource", "x_transferred"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-02"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:nokia:asik_airscale_474021a.102_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "CB6EED50-DC10-46C4-905F-45D7E92B8AA3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:nokia:asik_airscale_474021a.102:-:*:*:*:*:*:*:*", "matchCriteriaId": "5F80584F-0E62-459D-8DEC-59D9CA01C0E9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:nokia:asik_airscale_474021a.101_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "248B23EE-D2EE-4B6A-9FD6-C059E1709968", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:nokia:asik_airscale_474021a.101:-:*:*:*:*:*:*:*", "matchCriteriaId": "A685A9FC-9938-49D3-A71C-89E8E88F3770", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "\nA vulnerability exists in Nokia\u2019s ASIK AirScale system module (versions 474021A.101 and 474021A.102) that could allow an attacker to place a script on the file system accessible from Linux. A script placed in the appropriate place could allow for arbitrary code execution in the bootloader.\n\n"}, {"lang": "es", "value": "Existe una vulnerabilidad en el m\u00f3dulo del sistema ASIK AirScale de Nokia (versiones 474021A.101 y 474021A.102) que podr\u00eda permitir a un atacante colocar un script en el sistema de archivos accesible desde Linux. Un script colocado en el lugar apropiado podr\u00eda permitir la ejecuci\u00f3n de c\u00f3digo arbitrario en el gestor de arranque."}], "id": "CVE-2022-2482", "lastModified": "2024-11-21T07:01:05.100", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 5.8, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-06T22:15:09.077", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-02"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1274"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}