CVE-2022-2483

Summary

The bootloader in the Nokia ASIK AirScale system module (versions 474021A.101 and 474021A.102) loads public keys for firmware verification signature. If an attacker modifies the flash contents to corrupt the keys, secure boot could be permanently disabled on a given device.

Affected Software

VendorProductVersion RangeStatus
NokiaASIK AirScale474021A.101affected
NokiaASIK AirScale474021A.102affected

Weaknesses

  • CWE-1282: CWE-1282 Assumed-Immutable Data is Stored in Writable Memory

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References