CVE-2022-21196

Airspan Networks Mimosa Improper Authorization

CVSS 10 CRITICALEPSS 3.5%CWE-285

Vexday Risk Score

28Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 10EPSS 3.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

18 feb 2022Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization and authentication checks on multiple API routes. An attacker may gain access to these API routes and achieve remote code execution, create a denial-of-service condition, and obtain sensitive information.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Productos afectados

Airspan Networks · MMP Airspan Networks · PTMP C-series and A5x Airspan Networks · PTP C-series

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02