CVE-2022-2482

2023-01-0622:15:09

CWE-1274

[email protected]

web.nvd.nist.gov

nokia

asik airscale

vulnerability

linux

code execution

bootloader

file system

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

Percentile

10.8%

JSON

A vulnerability exists in Nokia’s ASIK AirScale system module (versions 474021A.101 and 474021A.102) that could allow an attacker to place a script on the file system accessible from Linux. A script placed in the appropriate place could allow for arbitrary code execution in the bootloader.

Affected configurations

Nvd

Node

nokiaasik_airscale_474021a.102_firmwareMatch-

AND

nokiaasik_airscale_474021a.102Match-

Node

nokiaasik_airscale_474021a.101_firmwareMatch-

AND

nokiaasik_airscale_474021a.101Match-

VendorProductVersionCPE
nokiaasik_airscale_474021a.102_firmware-cpe:2.3:o:nokia:asik_airscale_474021a.102_firmware:-:*:*:*:*:*:*:*
nokiaasik_airscale_474021a.102-cpe:2.3:h:nokia:asik_airscale_474021a.102:-:*:*:*:*:*:*:*
nokiaasik_airscale_474021a.101_firmware-cpe:2.3:o:nokia:asik_airscale_474021a.101_firmware:-:*:*:*:*:*:*:*
nokiaasik_airscale_474021a.101-cpe:2.3:h:nokia:asik_airscale_474021a.101:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nokia	asik_airscale_474021a.102_firmware	-	cpe:2.3:o:nokia:asik_airscale_474021a.102_firmware:-:::::::*
nokia	asik_airscale_474021a.102	-	cpe:2.3:h:nokia:asik_airscale_474021a.102:-:::::::*
nokia	asik_airscale_474021a.101_firmware	-	cpe:2.3:o:nokia:asik_airscale_474021a.101_firmware:-:::::::*
nokia	asik_airscale_474021a.101	-	cpe:2.3:h:nokia:asik_airscale_474021a.101:-:::::::*