CVE-2022-2482 - Vulnerability Details - OpenCVE

A vulnerability exists in Nokia’s ASIK AirScale system module (versions 474021A.101 and 474021A.102) that could allow an attacker to place a script on the file system accessible from Linux. A script placed in the appropriate place could allow for arbitrary code execution in the bootloader.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00032.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Nokia	Asik Airscale 474021a.101 Asik Airscale 474021a.101 Firmware Asik Airscale 474021a.102 Asik Airscale 474021a.102 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:nokia:asik_airscale_474021a.102_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nokia:asik_airscale_474021a.102:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:nokia:asik_airscale_474021a.101_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nokia:asik_airscale_474021a.101:-:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-34741	A vulnerability exists in Nokia’s ASIK AirScale system module (versions 474021A.101 and 474021A.102) that could allow an attacker to place a script on the file system accessible from Linux. A script placed in the appropriate place could allow for arbitrary code execution in the bootloader.

Fixes

Solution

Nokia has released technical support notes containing mitigation instructions for impacted Nokia users. Users should contact Nokia https://customer.nokia.com/support/s/ to receive further information.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-02

History

Thu, 16 Jan 2025 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2023-01-06T21:03:42.655Z

Updated: 2025-01-16T22:03:09.854Z

Reserved: 2022-07-19T21:40:09.334Z

Link: CVE-2022-2482

Vulnrichment

Updated: 2024-08-03T00:39:07.824Z

NVD

Status : Modified

Published: 2023-01-06T22:15:09.077

Modified: 2024-11-21T07:01:05.100

Link: CVE-2022-2482

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-2482", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2022-07-19T21:40:09.334Z", "datePublished": "2023-01-06T21:03:42.655Z", "dateUpdated": "2025-01-16T22:03:09.854Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ASIK AirScale ", "vendor": "Nokia", "versions": [{"status": "affected", "version": "474021A.101"}, {"status": "affected", "version": "474021A.102"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Joel Cretan"}, {"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Red Balloon Security"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">A vulnerability exists in Nokia\u2019s ASIK AirScale system module (versions 474021A.101 and 474021A.102) that could allow an attacker to place a script on the file system accessible from Linux. A script placed in the appropriate place could allow for arbitrary code execution in the bootloader.</span>\n\n"}], "value": "\nA vulnerability exists in Nokia\u2019s ASIK AirScale system module (versions 474021A.101 and 474021A.102) that could allow an attacker to place a script on the file system accessible from Linux. A script placed in the appropriate place could allow for arbitrary code execution in the bootloader.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1274", "description": "CWE-1274 Improper Access Control for Volatile Memory Containing Boot Code", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2023-01-06T21:03:42.655Z"}, "references": [{"tags": ["government-resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-02"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<p>Nokia has released technical support notes containing mitigation instructions for impacted Nokia users. Users should <a target=\"_blank\" rel=\"nofollow\" href=\"https://customer.nokia.com/support/s/\">contact Nokia</a> to receive further information.</p>"}], "value": "\nNokia has released technical support notes containing mitigation instructions for impacted Nokia users. Users should contact Nokia https://customer.nokia.com/support/s/ \u00a0to receive further information.\n\n"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:39:07.824Z"}, "title": "CVE Program Container", "references": [{"tags": ["government-resource", "x_transferred"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-02"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-16T20:22:45.785869Z", "id": "CVE-2022-2482", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-16T22:03:09.854Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-02", "tags": ["government-resource", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:39:07.824Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-2482", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-16T20:22:45.785869Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-16T20:22:47.097Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Joel Cretan"}, {"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Red Balloon Security"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Nokia", "product": "ASIK AirScale ", "versions": [{"status": "affected", "version": "474021A.101"}, {"status": "affected", "version": "474021A.102"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "\nNokia has released technical support notes containing mitigation instructions for impacted Nokia users. Users should contact Nokia https://customer.nokia.com/support/s/ \u00a0to receive further information.\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<p>Nokia has released technical support notes containing mitigation instructions for impacted Nokia users. Users should <a target=\"_blank\" rel=\"nofollow\" href=\"https://customer.nokia.com/support/s/\">contact Nokia</a> to receive further information.</p>", "base64": false}]}], "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-02", "tags": ["government-resource"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "\nA vulnerability exists in Nokia\u2019s ASIK AirScale system module (versions 474021A.101 and 474021A.102) that could allow an attacker to place a script on the file system accessible from Linux. A script placed in the appropriate place could allow for arbitrary code execution in the bootloader.\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">A vulnerability exists in Nokia\u2019s ASIK AirScale system module (versions 474021A.101 and 474021A.102) that could allow an attacker to place a script on the file system accessible from Linux. A script placed in the appropriate place could allow for arbitrary code execution in the bootloader.</span>\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1274", "description": "CWE-1274 Improper Access Control for Volatile Memory Containing Boot Code"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2023-01-06T21:03:42.655Z"}}}, "cveMetadata": {"cveId": "CVE-2022-2482", "state": "PUBLISHED", "dateUpdated": "2025-01-16T22:03:09.854Z", "dateReserved": "2022-07-19T21:40:09.334Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2023-01-06T21:03:42.655Z", "assignerShortName": "icscert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:nokia:asik_airscale_474021a.102_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "CB6EED50-DC10-46C4-905F-45D7E92B8AA3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:nokia:asik_airscale_474021a.102:-:*:*:*:*:*:*:*", "matchCriteriaId": "5F80584F-0E62-459D-8DEC-59D9CA01C0E9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:nokia:asik_airscale_474021a.101_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "248B23EE-D2EE-4B6A-9FD6-C059E1709968", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:nokia:asik_airscale_474021a.101:-:*:*:*:*:*:*:*", "matchCriteriaId": "A685A9FC-9938-49D3-A71C-89E8E88F3770", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "\nA vulnerability exists in Nokia\u2019s ASIK AirScale system module (versions 474021A.101 and 474021A.102) that could allow an attacker to place a script on the file system accessible from Linux. A script placed in the appropriate place could allow for arbitrary code execution in the bootloader.\n\n"}, {"lang": "es", "value": "Existe una vulnerabilidad en el m\u00f3dulo del sistema ASIK AirScale de Nokia (versiones 474021A.101 y 474021A.102) que podr\u00eda permitir a un atacante colocar un script en el sistema de archivos accesible desde Linux. Un script colocado en el lugar apropiado podr\u00eda permitir la ejecuci\u00f3n de c\u00f3digo arbitrario en el gestor de arranque."}], "id": "CVE-2022-2482", "lastModified": "2024-11-21T07:01:05.100", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 5.8, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-06T22:15:09.077", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-02"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1274"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}