First published: Fri Jan 06 2023(Updated: )
A vulnerability exists in Nokia’s ASIK AirScale system module (versions 474021A.101 and 474021A.102) that could allow an attacker to place a script on the file system accessible from Linux. A script placed in the appropriate place could allow for arbitrary code execution in the bootloader.
Credit: ics-cert@hq.dhs.gov
Affected Software | Affected Version | How to fix |
---|---|---|
Nokia Asik Airscale 474021a.102 Firmware | ||
Nokia Asik Airscale 474021a.102 | ||
Nokia Asik Airscale 474021a.101 Firmware | ||
Nokia Asik Airscale 474021a.101 | ||
Nokia ASIK 474021A.101 | ||
Nokia ASIK 474021A.102 (not affected by CVE-2022-2484) |
Nokia has released technical support notes containing mitigation instructions for impacted Nokia users. Users should contact Nokia https://customer.nokia.com/support/s/ to receive further information.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-2482 has a severity rating of 8.8 (high).
The affected software for CVE-2022-2482 includes Nokia Asik Airscale 474021a.101 Firmware and Nokia Asik Airscale 474021a.102 Firmware.
An attacker can exploit CVE-2022-2482 by placing a script on the file system accessible from Linux, allowing for arbitrary code execution in the bootloader.
No, Nokia Asik Airscale 474021a.101 is not vulnerable to CVE-2022-2482.
Yes, Nokia Asik Airscale 474021a.102 is vulnerable to CVE-2022-2482.