CVE-2022-2482 HIGH

CVE-2022-2482

Vendor Nokia

Product ASIK AirScale

Weakness CWE-1274

Published January 6, 2023

Last update January 16, 2025

View on NVD All CVEs

CVSS base score

8.4/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality None

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

What the vulnerability does

01Description

A vulnerability exists in Nokia’s ASIK AirScale system module (versions 474021A.101 and 474021A.102) that could allow an attacker to place a script on the file system accessible from Linux. A script placed in the appropriate place could allow for arbitrary code execution in the bootloader.

Key dates

02Disclosure timeline

January 6, 2023 CVE published

January 16, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-2482 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/1274.html

Related vulnerabilities

Identifiers

CVE CVE-2022-2482

CWE CWE-1274

CVSS 8.4 / HIGH

Affected versions

Vendor Nokia

Product ASIK AirScale

Affected 474021A.101

Vendor Nokia

Product ASIK AirScale

Affected 474021A.102

CVE-2022-2482

01Description

02Disclosure timeline

03References

04Related CVE