Skip to main content

Nokia moves to patch vulnerable mobile baseband kit

posted onNovember 8, 2022
by l33tdawg
Wikipedia
Credit: Wikipedia

Nokia has moved to patch vulnerabilities that could put mobile telecommunications networks at risk of compromise.

The vulnerabilities came to light via a recent US Cybersecurity and Infrastructure Security Agency (CISA) advisory, with all vulnerabilities rated High severity (CVSS score 8.4).

CISA said the vulnerabilities include improper access controls for volatile memory containing boot code; and the discovery that data assumed to be immutable is stored in writable memory. Successful exploitation could result in Nokia baseband units executing a malicious kernel, running malicious programs, or running modified Nokia programs. In CVE-2022-2482 (not yet published in the Mitre CVE list), Nokia ASIK AirScale system module versions 474021A.101 and 474021A.102 could let an attacker “place a script on the file system accessible from Linux," CISA said.

Source

Tags

Industry News

You May Also Like

Recent News

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th

Friday, June 7th

Thursday, June 6th