Joel Cretan

#10922of 53,635
25.2Total CVSS
Vulnerabilities · 3
High
3
PT-2023-12766
8.4
2023-01-06
Nokia · Asik Airscale · CVE-2022-2482
**Name of the Vulnerable Software and Affected Versions** Nokia ASIK AirScale system module versions 474021A.101 through 474021A.102 **Description** A vulnerability exists in Nokia’s ASIK AirScale system module that could allow an attacker to place a script on the file system accessible from Linux. A script placed in the appropriate place could allow for arbitrary code execution in the bootloader. **Recommendations** For versions 474021A.101 and 474021A.102, consider restricting access to the file system to prevent an attacker from placing a malicious script, until a patch is available. As a temporary workaround, consider disabling any functionality that allows scripts to be executed from the Linux-accessible file system.
PT-2023-12767
8.4
2023-01-06
Nokia · Nokia Asik Airscale · CVE-2022-2483
**Name of the Vulnerable Software and Affected Versions** Nokia ASIK AirScale system module versions 474021A.101 through 474021A.102 **Description** The bootloader in the Nokia ASIK AirScale system module loads public keys for firmware verification signature. If an attacker modifies the flash contents to corrupt the keys, secure boot could be permanently disabled on a given device. **Recommendations** For versions 474021A.101 and 474021A.102, update to a version that includes a fix for the secure boot issue to prevent permanent disablement. As a temporary workaround, consider restricting access to the flash contents to minimize the risk of exploitation.
PT-2023-12768
8.4
2023-01-06
Nokia · Nokia Asik Airscale System Module · CVE-2022-2484
**Name of the Vulnerable Software and Affected Versions** Nokia ASIK AirScale system module version 474021A.101 **Description** The signature check in the Nokia ASIK AirScale system module can be bypassed, allowing an attacker to run modified firmware. This could result in the execution of a malicious kernel, arbitrary programs, or modified Nokia programs. **Recommendations** For version 474021A.101, consider disabling the ability to run modified firmware until a patch is available. Restrict access to the system module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.