CVE-2022-2483 HIGH

CVE-2022-2483

Vendor Nokia
Product ASIK AirScale
Weakness CWE-1282
Published January 6, 2023
Last update January 16, 2025

CVSS base score

8.4/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

What the vulnerability does

01Description

The bootloader in the Nokia ASIK AirScale system module (versions 474021A.101 and 474021A.102) loads public keys for firmware verification signature. If an attacker modifies the flash contents to corrupt the keys, secure boot could be permanently disabled on a given device.

Key dates

02Disclosure timeline

January 6, 2023 CVE published
January 16, 2025 Record updated