CVE-2022-2482

Name of the Vulnerable Software and Affected Versions Nokia ASIK AirScale system module versions 474021A.101 through 474021A.102

Description A vulnerability exists in Nokia’s ASIK AirScale system module that could allow an attacker to place a script on the file system accessible from Linux. A script placed in the appropriate place could allow for arbitrary code execution in the bootloader.

Recommendations For versions 474021A.101 and 474021A.102, consider restricting access to the file system to prevent an attacker from placing a malicious script, until a patch is available. As a temporary workaround, consider disabling any functionality that allows scripts to be executed from the Linux-accessible file system.