CVE-2022-2482

Summary

A vulnerability exists in Nokia’s ASIK AirScale system module (versions 474021A.101 and 474021A.102) that could allow an attacker to place a script on the file system accessible from Linux. A script placed in the appropriate place could allow for arbitrary code execution in the bootloader.

Affected Software

VendorProductVersion RangeStatus
NokiaASIK AirScale474021A.101affected
NokiaASIK AirScale474021A.102affected

Weaknesses

  • CWE-1274: CWE-1274 Improper Access Control for Volatile Memory Containing Boot Code

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References