Lucene search

IcscertCVELIST:CVE-2022-2482

HistoryJan 06, 2023 - 9:03 p.m.

CVE-2022-2482

2023-01-0621:03:42

CWE-1274

icscert

www.cve.org

nokia

asik airscale

vulnerability

script placement

arbitrary code execution

bootloader

linux

cve-2022-2482

CVSS3

8.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

AI Score

Confidence

High

EPSS

Percentile

10.8%

JSON

A vulnerability exists in Nokia’s ASIK AirScale system module (versions 474021A.101 and 474021A.102) that could allow an attacker to place a script on the file system accessible from Linux. A script placed in the appropriate place could allow for arbitrary code execution in the bootloader.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ASIK AirScale ",
    "vendor": "Nokia",
    "versions": [
      {
        "status": "affected",
        "version": "474021A.101"
      },
      {
        "status": "affected",
        "version": "474021A.102"
      }
    ]
  }
]

References

www.cisa.gov/uscert/ics/advisories/icsa-22-307-02

CVSS3

8.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

AI Score

Confidence

High

EPSS

Percentile

10.8%

JSON

Related for CVELIST:CVE-2022-2482