CVE-2022-2484 - Vulnerability Details - OpenCVE

Description

The signature check in the Nokia ASIK AirScale system module version 474021A.101 can be bypassed allowing an attacker to run modified firmware. This could result in the execution of a malicious kernel, arbitrary programs, or modified Nokia programs.

Published: 2023-01-06

Score: 8.4 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Nokia

ASIK AirScale

unaffected

Version	Status	Constraints
`474021A.101`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:nokia:asik_airscale_474021a.101_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nokia:asik_airscale_474021a.101:-:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

Vendor Solution

Nokia has released technical support notes containing mitigation instructions for impacted Nokia users. Users should contact Nokia https://customer.nokia.com/support/s/ to receive further information.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00055.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-02

History

Thu, 16 Jan 2025 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Subscriptions

Nokia Asik Airscale 474021a.101 Asik Airscale 474021a.101 Firmware

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2023-01-06T21:05:38.228Z

Updated: 2025-01-16T22:02:55.884Z

Reserved: 2022-07-19T21:43:11.547Z

Link: CVE-2022-2484

Vulnrichment

Updated: 2024-08-03T00:39:07.812Z

NVD

Status : Modified

Published: 2023-01-06T22:15:09.240

Modified: 2024-11-21T07:01:05.420

Link: CVE-2022-2484

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-1274

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-2484", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2022-07-19T21:43:11.547Z", "datePublished": "2023-01-06T21:05:38.228Z", "dateUpdated": "2025-01-16T22:02:55.884Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ASIK AirScale ", "vendor": "Nokia", "versions": [{"status": "affected", "version": "474021A.101"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Joel Cretan"}, {"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Red Balloon Security"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">The signature check in the Nokia ASIK AirScale system module version 474021A.101 can be bypassed allowing an attacker to run modified firmware. This could result in the execution of a malicious kernel, arbitrary programs, or modified Nokia programs.</span>\n\n</span>\n\n"}], "value": "\n\n\nThe signature check in the Nokia ASIK AirScale system module version 474021A.101 can be bypassed allowing an attacker to run modified firmware. This could result in the execution of a malicious kernel, arbitrary programs, or modified Nokia programs.\n\n\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1274", "description": "CWE-1274 Improper Access Control for Volatile Memory Containing Boot Code", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2023-01-06T21:05:38.228Z"}, "references": [{"tags": ["government-resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-02"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<p>Nokia has released technical support notes containing mitigation instructions for impacted Nokia users. Users should <a target=\"_blank\" rel=\"nofollow\" href=\"https://customer.nokia.com/support/s/\">contact Nokia</a> to receive further information.</p>"}], "value": "\nNokia has released technical support notes containing mitigation instructions for impacted Nokia users. Users should contact Nokia https://customer.nokia.com/support/s/ \u00a0to receive further information.\n\n"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:39:07.812Z"}, "title": "CVE Program Container", "references": [{"tags": ["government-resource", "x_transferred"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-02"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-16T20:22:39.948799Z", "id": "CVE-2022-2484", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-16T22:02:55.884Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-02", "tags": ["government-resource", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:39:07.812Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-2484", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-16T20:22:39.948799Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-16T20:22:41.820Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Joel Cretan"}, {"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Red Balloon Security"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Nokia", "product": "ASIK AirScale ", "versions": [{"status": "affected", "version": "474021A.101"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "\nNokia has released technical support notes containing mitigation instructions for impacted Nokia users. Users should contact Nokia https://customer.nokia.com/support/s/ \u00a0to receive further information.\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<p>Nokia has released technical support notes containing mitigation instructions for impacted Nokia users. Users should <a target=\"_blank\" rel=\"nofollow\" href=\"https://customer.nokia.com/support/s/\">contact Nokia</a> to receive further information.</p>", "base64": false}]}], "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-02", "tags": ["government-resource"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "\n\n\nThe signature check in the Nokia ASIK AirScale system module version 474021A.101 can be bypassed allowing an attacker to run modified firmware. This could result in the execution of a malicious kernel, arbitrary programs, or modified Nokia programs.\n\n\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">The signature check in the Nokia ASIK AirScale system module version 474021A.101 can be bypassed allowing an attacker to run modified firmware. This could result in the execution of a malicious kernel, arbitrary programs, or modified Nokia programs.</span>\n\n</span>\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1274", "description": "CWE-1274 Improper Access Control for Volatile Memory Containing Boot Code"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2023-01-06T21:05:38.228Z"}}}, "cveMetadata": {"cveId": "CVE-2022-2484", "state": "PUBLISHED", "dateUpdated": "2025-01-16T22:02:55.884Z", "dateReserved": "2022-07-19T21:43:11.547Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2023-01-06T21:05:38.228Z", "assignerShortName": "icscert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:nokia:asik_airscale_474021a.101_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "248B23EE-D2EE-4B6A-9FD6-C059E1709968", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:nokia:asik_airscale_474021a.101:-:*:*:*:*:*:*:*", "matchCriteriaId": "A685A9FC-9938-49D3-A71C-89E8E88F3770", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "\n\n\nThe signature check in the Nokia ASIK AirScale system module version 474021A.101 can be bypassed allowing an attacker to run modified firmware. This could result in the execution of a malicious kernel, arbitrary programs, or modified Nokia programs.\n\n\n\n"}, {"lang": "es", "value": "La verificaci\u00f3n de firma en el m\u00f3dulo del sistema Nokia ASIK AirScale versi\u00f3n 474021A.101 se puede omitir, permitiendo que un atacante ejecute firmware modificado. Esto podr\u00eda resultar en la ejecuci\u00f3n de un kernel malicioso, programas arbitrarios o programas Nokia modificados."}], "id": "CVE-2022-2484", "lastModified": "2024-11-21T07:01:05.420", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 5.8, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-06T22:15:09.240", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-02"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1274"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}