CVE-2022-2484
Published: 06 January 2023
Summary
CVE-2022-2484 is a high-severity Improper Access Control for Volatile Memory Containing Boot Code (CWE-1274) vulnerability in Nokia Asik Airscale 474021A.101 Firmware. Its CVSS base score is 8.4 (High).
Operationally, ranked at the 17.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-34743
Vulnerability details
The signature check in the Nokia ASIK AirScale system module version 474021A.101 can be bypassed allowing an attacker to run modified firmware. This could result in the execution of a malicious kernel, arbitrary programs, or modified Nokia programs.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.