First published: Fri Jan 06 2023(Updated: )
The bootloader in the Nokia ASIK AirScale system module (versions 474021A.101 and 474021A.102) loads public keys for firmware verification signature. If an attacker modifies the flash contents to corrupt the keys, secure boot could be permanently disabled on a given device.
Credit: ics-cert@hq.dhs.gov
Affected Software | Affected Version | How to fix |
---|---|---|
Nokia Asik Airscale 474021a.102 Firmware | ||
Nokia Asik Airscale 474021a.102 | ||
Nokia Asik Airscale 474021a.101 Firmware | ||
Nokia Asik Airscale 474021a.101 | ||
Nokia ASIK 474021A.101 | ||
Nokia ASIK 474021A.102 (not affected by CVE-2022-2484) |
Nokia has released technical support notes containing mitigation instructions for impacted Nokia users. Users should contact Nokia https://customer.nokia.com/support/s/ to receive further information.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-2483 is a vulnerability in the bootloader of the Nokia ASIK AirScale system module that can permanently disable secure boot on a device.
CVE-2022-2483 has a severity rating of 7.1, which is considered high.
Versions 474021A.101 and 474021A.102 of the Nokia ASIK AirScale system module firmware are affected by CVE-2022-2483.
An attacker can exploit CVE-2022-2483 by modifying the flash contents to corrupt the public keys used for firmware verification signature, which disables secure boot.
You can find more information about CVE-2022-2483 on the CISA website at https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-02.