← voltar
CVE-2022-21196

Airspan Networks Mimosa Improper Authorization

CVSS 10 CRITICALEPSS 3.5%CWE-285
Vexday Risk Score
28Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 10EPSS 3.5%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
18 fev 2022Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization and authentication checks on multiple API routes. An attacker may gain access to these API routes and achieve remote code execution, create a denial-of-service condition, and obtain sensitive information.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Produtos afetados
Airspan Networks · MMPAirspan Networks · PTMP C-series and A5xAirspan Networks · PTP C-series

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02