CVE-2022-2482

{"id": "CVE-2022-2482", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 5.8, "exploitabilityScore": 2.0}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.0}]}, "published": "2023-01-06T22:15:09.077", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-02", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-02", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-1274"}]}], "descriptions": [{"lang": "en", "value": "\nA vulnerability exists in Nokia\u2019s ASIK AirScale system module (versions 474021A.101 and 474021A.102) that could allow an attacker to place a script on the file system accessible from Linux. A script placed in the appropriate place could allow for arbitrary code execution in the bootloader.\n\n"}, {"lang": "es", "value": "Existe una vulnerabilidad en el m\u00f3dulo del sistema ASIK AirScale de Nokia (versiones 474021A.101 y 474021A.102) que podr\u00eda permitir a un atacante colocar un script en el sistema de archivos accesible desde Linux. Un script colocado en el lugar apropiado podr\u00eda permitir la ejecuci\u00f3n de c\u00f3digo arbitrario en el gestor de arranque."}], "lastModified": "2024-11-21T07:01:05.100", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nokia:asik_airscale_474021a.102_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB6EED50-DC10-46C4-905F-45D7E92B8AA3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nokia:asik_airscale_474021a.102:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5F80584F-0E62-459D-8DEC-59D9CA01C0E9"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nokia:asik_airscale_474021a.101_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "248B23EE-D2EE-4B6A-9FD6-C059E1709968"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nokia:asik_airscale_474021a.101:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A685A9FC-9938-49D3-A71C-89E8E88F3770"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}