Nokia moves to patch vulnerable mobile baseband kit
Nokia has moved to patch vulnerabilities that could put mobile telecommunications networks at risk of compromise.
The vulnerabilities came to light via a recent US Cybersecurity and Infrastructure Security Agency (CISA) advisory, with all vulnerabilities rated High severity (CVSS score 8.4).
CISA said the vulnerabilities include improper access controls for volatile memory containing boot code; and the discovery that data assumed to be immutable is stored in writable memory. Successful exploitation could result in Nokia baseband units executing a malicious kernel, running malicious programs, or running modified Nokia programs. In CVE-2022-2482 (not yet published in the Mitre CVE list), Nokia ASIK AirScale system module versions 474021A.101 and 474021A.102 could let an attacker “place a script on the file system accessible from Linux," CISA said.