PT-2023-12767 · Nokia · Nokia Asik Airscale
Joel Cretan
·
Published
2023-01-06
·
Updated
2023-01-13
·
CVE-2022-2483
CVSS v3.1
8.4
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Nokia ASIK AirScale system module versions 474021A.101 through 474021A.102
Description
The bootloader in the Nokia ASIK AirScale system module loads public keys for firmware verification signature. If an attacker modifies the flash contents to corrupt the keys, secure boot could be permanently disabled on a given device.
Recommendations
For versions 474021A.101 and 474021A.102, update to a version that includes a fix for the secure boot issue to prevent permanent disablement.
As a temporary workaround, consider restricting access to the flash contents to minimize the risk of exploitation.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Nokia Asik Airscale