Vulnerabilities > CVE-2022-2483 - Assumed-Immutable Data Stored in Writable Memory vulnerability in Nokia products

047910
CVSS 7.1 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
nokia
CWE-1282
NVD
Published: 2023-01-06
Updated: 2023-11-07

Summary

The bootloader in the Nokia ASIK AirScale system module (versions 474021A.101 and 474021A.102) loads public keys for firmware verification signature. If an attacker modifies the flash contents to corrupt the keys, secure boot could be permanently disabled on a given device.

Vulnerable Configurations

Part Description Count
OS
Nokia
2
Hardware
Nokia
2

Common Weakness Enumeration (CWE)

References