Search criteria
21 vulnerabilities found for c5c_firmware by airspan
FKIE_CVE-2022-21196
Vulnerability from fkie_nvd - Published: 2022-02-18 18:15 - Updated: 2024-11-21 06:44
Severity ?
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization and authentication checks on multiple API routes. An attacker may gain access to these API routes and achieve remote code execution, create a denial-of-service condition, and obtain sensitive information.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| airspan | mimosa_management_platform | * | |
| airspan | c6x_firmware | * | |
| airspan | c6x | - | |
| airspan | c5x_firmware | * | |
| airspan | c5x | - | |
| airspan | c5c_firmware | * | |
| airspan | c5c | - | |
| airspan | a5x_firmware | * | |
| airspan | a5x | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:airspan:mimosa_management_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "064DE49C-CD3C-43AF-864E-D8373EAD9B52",
"versionEndExcluding": "1.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:airspan:c6x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4650A7AA-DD66-4A8B-BB37-4D6789D60B85",
"versionEndExcluding": "2.8.6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:airspan:c6x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "080058F5-00C3-4204-8942-18D5347614B2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:airspan:c5x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C295D0C-2C21-474D-B38F-0EA15FB59113",
"versionEndExcluding": "2.8.6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:airspan:c5x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C3239C7-ADFF-413E-86CD-EDBD86FB1ACB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:airspan:c5c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31B5039E-8D62-4EB8-A264-1DBA97CC7289",
"versionEndExcluding": "2.8.6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:airspan:c5c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9944E65E-56D0-4010-B27B-FD7FE469EC20",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:airspan:a5x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ECA42797-2BBB-4622-9F57-2BE53E3D8019",
"versionEndExcluding": "2.5.4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:airspan:a5x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1009C19-795D-4F1A-8C82-A22754E0EBC4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization and authentication checks on multiple API routes. An attacker may gain access to these API routes and achieve remote code execution, create a denial-of-service condition, and obtain sensitive information."
},
{
"lang": "es",
"value": "MMP: Todas las versiones anteriores a v1.0.3, PTP C-series: Versiones de dispositivos anteriores a v2.8.6.1, y PTMP C-series y A5x: Versiones de dispositivos anteriores a v2.5.4.1, no llevan a cabo las comprobaciones de autorizaci\u00f3n y autenticaci\u00f3n apropiadas en varias rutas de la API. Un atacante puede obtener acceso a estas rutas API y lograr una ejecuci\u00f3n de c\u00f3digo remota, crear una condici\u00f3n de denegaci\u00f3n de servicio y obtener informaci\u00f3n confidencial"
}
],
"id": "CVE-2022-21196",
"lastModified": "2024-11-21T06:44:04.650",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-18T18:15:12.527",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-285"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
},
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-21800
Vulnerability from fkie_nvd - Published: 2022-02-18 18:15 - Updated: 2024-11-21 06:45
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 uses the MD5 algorithm to hash the passwords before storing them but does not salt the hash. As a result, attackers may be able to crack the hashed passwords.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| airspan | mimosa_management_platform | * | |
| airspan | c6x_firmware | * | |
| airspan | c6x | - | |
| airspan | c5x_firmware | * | |
| airspan | c5x | - | |
| airspan | c5c_firmware | * | |
| airspan | c5c | - | |
| airspan | a5x_firmware | * | |
| airspan | a5x | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:airspan:mimosa_management_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "064DE49C-CD3C-43AF-864E-D8373EAD9B52",
"versionEndExcluding": "1.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:airspan:c6x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4650A7AA-DD66-4A8B-BB37-4D6789D60B85",
"versionEndExcluding": "2.8.6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:airspan:c6x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "080058F5-00C3-4204-8942-18D5347614B2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:airspan:c5x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C295D0C-2C21-474D-B38F-0EA15FB59113",
"versionEndExcluding": "2.8.6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:airspan:c5x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C3239C7-ADFF-413E-86CD-EDBD86FB1ACB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:airspan:c5c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31B5039E-8D62-4EB8-A264-1DBA97CC7289",
"versionEndExcluding": "2.8.6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:airspan:c5c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9944E65E-56D0-4010-B27B-FD7FE469EC20",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:airspan:a5x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ECA42797-2BBB-4622-9F57-2BE53E3D8019",
"versionEndExcluding": "2.5.4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:airspan:a5x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1009C19-795D-4F1A-8C82-A22754E0EBC4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 uses the MD5 algorithm to hash the passwords before storing them but does not salt the hash. As a result, attackers may be able to crack the hashed passwords."
},
{
"lang": "es",
"value": "MMP: Todas las versiones anteriores a v1.0.3, PTP C-series: Versiones de dispositivos anteriores a v2.8.6.1, y PTMP C-series y A5x: Versiones de dispositivos anteriores a v2.5.4.1, usan el algoritmo MD5 para hacer un hash de las contrase\u00f1as antes de almacenarlas, pero no ponen salt al hash. Como resultado, los atacantes pueden ser capaces de descifrar las contrase\u00f1as con hash"
}
],
"id": "CVE-2022-21800",
"lastModified": "2024-11-21T06:45:27.663",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-18T18:15:12.800",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-326"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-21176
Vulnerability from fkie_nvd - Published: 2022-02-18 18:15 - Updated: 2024-11-21 06:44
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input, which may allow an attacker to perform a SQL injection and obtain sensitive information.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| airspan | mimosa_management_platform | * | |
| airspan | c6x_firmware | * | |
| airspan | c6x | - | |
| airspan | c5x_firmware | * | |
| airspan | c5x | - | |
| airspan | c5c_firmware | * | |
| airspan | c5c | - | |
| airspan | a5x_firmware | * | |
| airspan | a5x | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:airspan:mimosa_management_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "064DE49C-CD3C-43AF-864E-D8373EAD9B52",
"versionEndExcluding": "1.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:airspan:c6x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4650A7AA-DD66-4A8B-BB37-4D6789D60B85",
"versionEndExcluding": "2.8.6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:airspan:c6x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "080058F5-00C3-4204-8942-18D5347614B2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:airspan:c5x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C295D0C-2C21-474D-B38F-0EA15FB59113",
"versionEndExcluding": "2.8.6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:airspan:c5x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C3239C7-ADFF-413E-86CD-EDBD86FB1ACB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:airspan:c5c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31B5039E-8D62-4EB8-A264-1DBA97CC7289",
"versionEndExcluding": "2.8.6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:airspan:c5c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9944E65E-56D0-4010-B27B-FD7FE469EC20",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:airspan:a5x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ECA42797-2BBB-4622-9F57-2BE53E3D8019",
"versionEndExcluding": "2.5.4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:airspan:a5x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1009C19-795D-4F1A-8C82-A22754E0EBC4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input, which may allow an attacker to perform a SQL injection and obtain sensitive information."
},
{
"lang": "es",
"value": "MMP: Todas las versiones anteriores a v1.0.3, PTP C-series: Versiones de dispositivos anteriores a v2.8.6.1, y PTMP C-series y A5x: Versiones de dispositivos anteriores a v2.5.4.1, no sanean apropiadamente la entrada del usuario, lo que puede permitir a un atacante llevar a cabo una inyecci\u00f3n SQL y obtener informaci\u00f3n confidencial"
}
],
"id": "CVE-2022-21176",
"lastModified": "2024-11-21T06:44:02.283",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-18T18:15:12.390",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-21141
Vulnerability from fkie_nvd - Published: 2022-02-18 18:15 - Updated: 2024-11-21 06:43
Severity ?
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization checks on multiple API functions. An attacker may gain access to these functions and achieve remote code execution, create a denial-of-service condition, and obtain sensitive information.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| airspan | mimosa_management_platform | * | |
| airspan | c6x_firmware | * | |
| airspan | c6x | - | |
| airspan | c5x_firmware | * | |
| airspan | c5x | - | |
| airspan | c5c_firmware | * | |
| airspan | c5c | - | |
| airspan | a5x_firmware | * | |
| airspan | a5x | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:airspan:mimosa_management_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "064DE49C-CD3C-43AF-864E-D8373EAD9B52",
"versionEndExcluding": "1.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:airspan:c6x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4650A7AA-DD66-4A8B-BB37-4D6789D60B85",
"versionEndExcluding": "2.8.6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:airspan:c6x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "080058F5-00C3-4204-8942-18D5347614B2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:airspan:c5x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C295D0C-2C21-474D-B38F-0EA15FB59113",
"versionEndExcluding": "2.8.6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:airspan:c5x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C3239C7-ADFF-413E-86CD-EDBD86FB1ACB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:airspan:c5c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31B5039E-8D62-4EB8-A264-1DBA97CC7289",
"versionEndExcluding": "2.8.6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:airspan:c5c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9944E65E-56D0-4010-B27B-FD7FE469EC20",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:airspan:a5x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ECA42797-2BBB-4622-9F57-2BE53E3D8019",
"versionEndExcluding": "2.5.4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:airspan:a5x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1009C19-795D-4F1A-8C82-A22754E0EBC4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization checks on multiple API functions. An attacker may gain access to these functions and achieve remote code execution, create a denial-of-service condition, and obtain sensitive information."
},
{
"lang": "es",
"value": "MMP: Todas las versiones anteriores a v1.0.3, PTP C-series: Versiones de dispositivos anteriores a v2.8.6.1, y PTMP C-series y A5x: Versiones de dispositivos anteriores a v2.5.4.1, no llevan a cabo comprobaciones de autorizaci\u00f3n apropiadas en m\u00faltiples funciones de la API. Un atacante puede obtener acceso a estas funciones y lograr una ejecuci\u00f3n de c\u00f3digo remota, crear una condici\u00f3n de denegaci\u00f3n de servicio y obtener informaci\u00f3n confidencial"
}
],
"id": "CVE-2022-21141",
"lastModified": "2024-11-21T06:43:58.630",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-18T18:15:12.147",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-21215
Vulnerability from fkie_nvd - Published: 2022-02-18 18:15 - Updated: 2024-11-21 06:44
Severity ?
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
This vulnerability could allow an attacker to force the server to create and execute a web request granting access to backend APIs that are only accessible to the Mimosa MMP server, or request pages that could perform some actions themselves. The attacker could force the server into accessing routes on those cloud-hosting platforms, accessing secret keys, changing configurations, etc. Affecting MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| airspan | mimosa_management_platform | * | |
| airspan | c6x_firmware | * | |
| airspan | c6x | - | |
| airspan | c5x_firmware | * | |
| airspan | c5x | - | |
| airspan | c5c_firmware | * | |
| airspan | c5c | - | |
| airspan | a5x_firmware | * | |
| airspan | a5x | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:airspan:mimosa_management_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "064DE49C-CD3C-43AF-864E-D8373EAD9B52",
"versionEndExcluding": "1.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:airspan:c6x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4650A7AA-DD66-4A8B-BB37-4D6789D60B85",
"versionEndExcluding": "2.8.6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:airspan:c6x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "080058F5-00C3-4204-8942-18D5347614B2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:airspan:c5x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C295D0C-2C21-474D-B38F-0EA15FB59113",
"versionEndExcluding": "2.8.6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:airspan:c5x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C3239C7-ADFF-413E-86CD-EDBD86FB1ACB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:airspan:c5c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31B5039E-8D62-4EB8-A264-1DBA97CC7289",
"versionEndExcluding": "2.8.6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:airspan:c5c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9944E65E-56D0-4010-B27B-FD7FE469EC20",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:airspan:a5x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ECA42797-2BBB-4622-9F57-2BE53E3D8019",
"versionEndExcluding": "2.5.4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:airspan:a5x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1009C19-795D-4F1A-8C82-A22754E0EBC4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability could allow an attacker to force the server to create and execute a web request granting access to backend APIs that are only accessible to the Mimosa MMP server, or request pages that could perform some actions themselves. The attacker could force the server into accessing routes on those cloud-hosting platforms, accessing secret keys, changing configurations, etc. Affecting MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1."
},
{
"lang": "es",
"value": "Esta vulnerabilidad podr\u00eda permitir a un atacante forzar al servidor a crear y ejecutar una petici\u00f3n web que conceda acceso a las APIs del backend que s\u00f3lo son accesibles para el servidor de Mimosa MMP, o solicitar p\u00e1ginas que podr\u00edan llevar a cabo algunas acciones por s\u00ed mismas. El atacante podr\u00eda forzar al servidor a acceder a rutas en esas plataformas de alojamiento en la nube, acceder a claves secretas, cambiar configuraciones, etc. Afecta a MMP: Todas las versiones anteriores a v1.0.3, PTP C-series: Versiones de dispositivos anteriores a v2.8.6.1, y PTMP C-series y A5x: Versiones de dispositivos anteriores a v2.5.4.1"
}
],
"id": "CVE-2022-21215",
"lastModified": "2024-11-21T06:44:07.943",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-18T18:15:12.667",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-21143
Vulnerability from fkie_nvd - Published: 2022-02-18 18:15 - Updated: 2024-11-21 06:43
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input on several locations, which may allow an attacker to inject arbitrary commands.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| airspan | mimosa_management_platform | * | |
| airspan | c6x_firmware | * | |
| airspan | c6x | - | |
| airspan | c5x_firmware | * | |
| airspan | c5x | - | |
| airspan | c5c_firmware | * | |
| airspan | c5c | - | |
| airspan | a5x_firmware | * | |
| airspan | a5x | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:airspan:mimosa_management_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "064DE49C-CD3C-43AF-864E-D8373EAD9B52",
"versionEndExcluding": "1.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:airspan:c6x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4650A7AA-DD66-4A8B-BB37-4D6789D60B85",
"versionEndExcluding": "2.8.6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:airspan:c6x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "080058F5-00C3-4204-8942-18D5347614B2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:airspan:c5x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C295D0C-2C21-474D-B38F-0EA15FB59113",
"versionEndExcluding": "2.8.6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:airspan:c5x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C3239C7-ADFF-413E-86CD-EDBD86FB1ACB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:airspan:c5c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31B5039E-8D62-4EB8-A264-1DBA97CC7289",
"versionEndExcluding": "2.8.6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:airspan:c5c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9944E65E-56D0-4010-B27B-FD7FE469EC20",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:airspan:a5x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ECA42797-2BBB-4622-9F57-2BE53E3D8019",
"versionEndExcluding": "2.5.4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:airspan:a5x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1009C19-795D-4F1A-8C82-A22754E0EBC4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input on several locations, which may allow an attacker to inject arbitrary commands."
},
{
"lang": "es",
"value": "MMP: Todas las versiones anteriores a v1.0.3, PTP serie C: Versiones de dispositivos anteriores a v2.8.6.1, y PTMP C-series y A5x: Versiones de dispositivos anteriores a v2.5.4.1, no sanean apropiadamente la entrada del usuario en varias ubicaciones, lo que puede permitir a un atacante inyectar comandos arbitrarios"
}
],
"id": "CVE-2022-21143",
"lastModified": "2024-11-21T06:43:58.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-18T18:15:12.257",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-0138
Vulnerability from fkie_nvd - Published: 2022-02-18 18:15 - Updated: 2024-11-21 06:37
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 has a deserialization function that does not validate or check the data, allowing arbitrary classes to be created.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| airspan | mimosa_management_platform | * | |
| airspan | c6x_firmware | * | |
| airspan | c6x | - | |
| airspan | c5x_firmware | * | |
| airspan | c5x | - | |
| airspan | c5c_firmware | * | |
| airspan | c5c | - | |
| airspan | a5x_firmware | * | |
| airspan | a5x | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:airspan:mimosa_management_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "064DE49C-CD3C-43AF-864E-D8373EAD9B52",
"versionEndExcluding": "1.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:airspan:c6x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4650A7AA-DD66-4A8B-BB37-4D6789D60B85",
"versionEndExcluding": "2.8.6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:airspan:c6x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "080058F5-00C3-4204-8942-18D5347614B2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:airspan:c5x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C295D0C-2C21-474D-B38F-0EA15FB59113",
"versionEndExcluding": "2.8.6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:airspan:c5x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C3239C7-ADFF-413E-86CD-EDBD86FB1ACB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:airspan:c5c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31B5039E-8D62-4EB8-A264-1DBA97CC7289",
"versionEndExcluding": "2.8.6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:airspan:c5c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9944E65E-56D0-4010-B27B-FD7FE469EC20",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:airspan:a5x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ECA42797-2BBB-4622-9F57-2BE53E3D8019",
"versionEndExcluding": "2.5.4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:airspan:a5x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1009C19-795D-4F1A-8C82-A22754E0EBC4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 has a deserialization function that does not validate or check the data, allowing arbitrary classes to be created."
},
{
"lang": "es",
"value": "MMP: Todas las versiones anteriores a v1.0.3, PTP C-series: Versiones de dispositivos anteriores a v2.8.6.1, y PTMP C-series y A5x: Versiones de dispositivos anteriores a v2.5.4.1, presentan una funci\u00f3n de deserializaci\u00f3n que no comprueba ni valida los datos, permitiendo crear clases arbitrarias"
}
],
"id": "CVE-2022-0138",
"lastModified": "2024-11-21T06:37:58.970",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-18T18:15:10.483",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-21176 (GCVE-0-2022-21176)
Vulnerability from cvelistv5 – Published: 2022-02-18 17:50 – Updated: 2025-04-16 16:45
VLAI?
Title
Airspan Networks Mimosa SQL Injection
Summary
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input, which may allow an attacker to perform a SQL injection and obtain sensitive information.
Severity ?
8.6 (High)
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Airspan Networks | MMP |
Affected:
unspecified , < v1.0.3
(custom)
|
||||||||||||
|
||||||||||||||
Credits
Noam Moshe of Claroty reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:31:59.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21176",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:59:34.054577Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:45:12.090Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MMP",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v1.0.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PTP C-series",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v2.8.6.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PTMP C-series and A5x",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v2.5.4.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Noam Moshe of Claroty reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-02-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input, which may allow an attacker to perform a SQL injection and obtain sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-18T17:50:20.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
],
"solutions": [
{
"lang": "en",
"value": "Airspan Networks recommends users update to following products (Login Required):\n\nMMP: Version 1.0.4 or later\nPTP:\nC5x: Version 2.90 or later\nC5c: Version 2.90 or later\nPTMP: \nC-series: Version 2.9.0 or later\nA5x: Version 2.9.0 or later"
}
],
"source": {
"advisory": "ICSA-22-034-02",
"discovery": "UNKNOWN"
},
"title": "Airspan Networks Mimosa SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-02-03T17:50:00.000Z",
"ID": "CVE-2022-21176",
"STATE": "PUBLIC",
"TITLE": "Airspan Networks Mimosa SQL Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MMP",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v1.0.3"
}
]
}
},
{
"product_name": "PTP C-series",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.8.6.1"
}
]
}
},
{
"product_name": "PTMP C-series and A5x",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.5.4.1"
}
]
}
}
]
},
"vendor_name": "Airspan Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Noam Moshe of Claroty reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input, which may allow an attacker to perform a SQL injection and obtain sensitive information."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
]
},
"solution": [
{
"lang": "en",
"value": "Airspan Networks recommends users update to following products (Login Required):\n\nMMP: Version 1.0.4 or later\nPTP:\nC5x: Version 2.90 or later\nC5c: Version 2.90 or later\nPTMP: \nC-series: Version 2.9.0 or later\nA5x: Version 2.9.0 or later"
}
],
"source": {
"advisory": "ICSA-22-034-02",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-21176",
"datePublished": "2022-02-18T17:50:20.075Z",
"dateReserved": "2022-01-21T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:45:12.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21141 (GCVE-0-2022-21141)
Vulnerability from cvelistv5 – Published: 2022-02-18 17:50 – Updated: 2025-04-16 16:45
VLAI?
Title
Airspan Networks Mimosa Incorrect Authorization
Summary
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization checks on multiple API functions. An attacker may gain access to these functions and achieve remote code execution, create a denial-of-service condition, and obtain sensitive information.
Severity ?
10 (Critical)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Airspan Networks | MMP |
Affected:
unspecified , < v1.0.3
(custom)
|
||||||||||||
|
||||||||||||||
Credits
Noam Moshe of Claroty reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:31:58.688Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21141",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:58:09.440311Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:45:01.196Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MMP",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v1.0.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PTP C-series",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v2.8.6.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PTMP C-series and A5x",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v2.5.4.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Noam Moshe of Claroty reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-02-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization checks on multiple API functions. An attacker may gain access to these functions and achieve remote code execution, create a denial-of-service condition, and obtain sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-18T17:50:20.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
],
"solutions": [
{
"lang": "en",
"value": "Airspan Networks recommends users update to following products (Login Required):\n\nMMP: Version 1.0.4 or later\nPTP:\nC5x: Version 2.90 or later\nC5c: Version 2.90 or later\nPTMP: \nC-series: Version 2.9.0 or later\nA5x: Version 2.9.0 or later"
}
],
"source": {
"advisory": "ICSA-22-034-02",
"discovery": "UNKNOWN"
},
"title": "Airspan Networks Mimosa Incorrect Authorization",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-02-03T17:50:00.000Z",
"ID": "CVE-2022-21141",
"STATE": "PUBLIC",
"TITLE": "Airspan Networks Mimosa Incorrect Authorization"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MMP",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v1.0.3"
}
]
}
},
{
"product_name": "PTP C-series",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.8.6.1"
}
]
}
},
{
"product_name": "PTMP C-series and A5x",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.5.4.1"
}
]
}
}
]
},
"vendor_name": "Airspan Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Noam Moshe of Claroty reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization checks on multiple API functions. An attacker may gain access to these functions and achieve remote code execution, create a denial-of-service condition, and obtain sensitive information."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
]
},
"solution": [
{
"lang": "en",
"value": "Airspan Networks recommends users update to following products (Login Required):\n\nMMP: Version 1.0.4 or later\nPTP:\nC5x: Version 2.90 or later\nC5c: Version 2.90 or later\nPTMP: \nC-series: Version 2.9.0 or later\nA5x: Version 2.9.0 or later"
}
],
"source": {
"advisory": "ICSA-22-034-02",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-21141",
"datePublished": "2022-02-18T17:50:20.915Z",
"dateReserved": "2022-01-21T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:45:01.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21143 (GCVE-0-2022-21143)
Vulnerability from cvelistv5 – Published: 2022-02-18 17:50 – Updated: 2025-04-16 16:45
VLAI?
Title
Airspan Networks Mimosa OS Command Injection
Summary
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input on several locations, which may allow an attacker to inject arbitrary commands.
Severity ?
7.5 (High)
CWE
- CWE-78 - OS Command Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Airspan Networks | MMP |
Affected:
unspecified , < v1.0.3
(custom)
|
||||||||||||
|
||||||||||||||
Credits
Noam Moshe of Claroty reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:31:58.811Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21143",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:59:37.231036Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:45:21.573Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MMP",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v1.0.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PTP C-series",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v2.8.6.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PTMP C-series and A5x",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v2.5.4.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Noam Moshe of Claroty reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-02-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input on several locations, which may allow an attacker to inject arbitrary commands."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-18T17:50:19.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
],
"solutions": [
{
"lang": "en",
"value": "Airspan Networks recommends users update to following products (Login Required):\n\nMMP: Version 1.0.4 or later\nPTP:\nC5x: Version 2.90 or later\nC5c: Version 2.90 or later\nPTMP: \nC-series: Version 2.9.0 or later\nA5x: Version 2.9.0 or later"
}
],
"source": {
"advisory": "ICSA-22-034-02",
"discovery": "UNKNOWN"
},
"title": "Airspan Networks Mimosa OS Command Injection",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-02-03T17:50:00.000Z",
"ID": "CVE-2022-21143",
"STATE": "PUBLIC",
"TITLE": "Airspan Networks Mimosa OS Command Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MMP",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v1.0.3"
}
]
}
},
{
"product_name": "PTP C-series",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.8.6.1"
}
]
}
},
{
"product_name": "PTMP C-series and A5x",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.5.4.1"
}
]
}
}
]
},
"vendor_name": "Airspan Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Noam Moshe of Claroty reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input on several locations, which may allow an attacker to inject arbitrary commands."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
]
},
"solution": [
{
"lang": "en",
"value": "Airspan Networks recommends users update to following products (Login Required):\n\nMMP: Version 1.0.4 or later\nPTP:\nC5x: Version 2.90 or later\nC5c: Version 2.90 or later\nPTMP: \nC-series: Version 2.9.0 or later\nA5x: Version 2.9.0 or later"
}
],
"source": {
"advisory": "ICSA-22-034-02",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-21143",
"datePublished": "2022-02-18T17:50:19.316Z",
"dateReserved": "2022-01-21T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:45:21.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21800 (GCVE-0-2022-21800)
Vulnerability from cvelistv5 – Published: 2022-02-18 17:50 – Updated: 2025-04-16 16:45
VLAI?
Title
Airspan Networks Mimosa Use of a Broken or Risky Cryptographic Algorithm
Summary
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 uses the MD5 algorithm to hash the passwords before storing them but does not salt the hash. As a result, attackers may be able to crack the hashed passwords.
Severity ?
6.5 (Medium)
CWE
- CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Airspan Networks | MMP |
Affected:
unspecified , < v1.0.3
(custom)
|
||||||||||||
|
||||||||||||||
Credits
Noam Moshe of Claroty reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:53:36.185Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21800",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:56:32.280054Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:45:32.729Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MMP",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v1.0.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PTP C-series",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v2.8.6.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PTMP C-series and A5x",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v2.5.4.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Noam Moshe of Claroty reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-02-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 uses the MD5 algorithm to hash the passwords before storing them but does not salt the hash. As a result, attackers may be able to crack the hashed passwords."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-18T17:50:18.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
],
"solutions": [
{
"lang": "en",
"value": "Airspan Networks recommends users update to following products (Login Required):\n\nMMP: Version 1.0.4 or later\nPTP:\nC5x: Version 2.90 or later\nC5c: Version 2.90 or later\nPTMP: \nC-series: Version 2.9.0 or later\nA5x: Version 2.9.0 or later"
}
],
"source": {
"advisory": "ICSA-22-034-02",
"discovery": "UNKNOWN"
},
"title": "Airspan Networks Mimosa Use of a Broken or Risky Cryptographic Algorithm",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-02-03T17:50:00.000Z",
"ID": "CVE-2022-21800",
"STATE": "PUBLIC",
"TITLE": "Airspan Networks Mimosa Use of a Broken or Risky Cryptographic Algorithm"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MMP",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v1.0.3"
}
]
}
},
{
"product_name": "PTP C-series",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.8.6.1"
}
]
}
},
{
"product_name": "PTMP C-series and A5x",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.5.4.1"
}
]
}
}
]
},
"vendor_name": "Airspan Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Noam Moshe of Claroty reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 uses the MD5 algorithm to hash the passwords before storing them but does not salt the hash. As a result, attackers may be able to crack the hashed passwords."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
]
},
"solution": [
{
"lang": "en",
"value": "Airspan Networks recommends users update to following products (Login Required):\n\nMMP: Version 1.0.4 or later\nPTP:\nC5x: Version 2.90 or later\nC5c: Version 2.90 or later\nPTMP: \nC-series: Version 2.9.0 or later\nA5x: Version 2.9.0 or later"
}
],
"source": {
"advisory": "ICSA-22-034-02",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-21800",
"datePublished": "2022-02-18T17:50:18.612Z",
"dateReserved": "2021-12-21T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:45:32.729Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0138 (GCVE-0-2022-0138)
Vulnerability from cvelistv5 – Published: 2022-02-18 17:50 – Updated: 2025-04-16 16:45
VLAI?
Title
Airspan Networks Mimosa Deserialization of Untrusted Data
Summary
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 has a deserialization function that does not validate or check the data, allowing arbitrary classes to be created.
Severity ?
7.5 (High)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Airspan Networks | MMP |
Affected:
unspecified , < v1.0.3
(custom)
|
||||||||||||
|
||||||||||||||
Credits
Noam Moshe of Claroty reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-0138",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:59:39.926284Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:45:42.169Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MMP",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v1.0.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PTP C-series",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v2.8.6.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PTMP C-series and A5x",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v2.5.4.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Noam Moshe of Claroty reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-02-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 has a deserialization function that does not validate or check the data, allowing arbitrary classes to be created."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-18T17:50:17.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
],
"solutions": [
{
"lang": "en",
"value": "Airspan Networks recommends users update to following products (Login Required):\n\nMMP: Version 1.0.4 or later\nPTP:\nC5x: Version 2.90 or later\nC5c: Version 2.90 or later\nPTMP: \nC-series: Version 2.9.0 or later\nA5x: Version 2.9.0 or later"
}
],
"source": {
"advisory": "ICSA-22-034-02",
"discovery": "UNKNOWN"
},
"title": "Airspan Networks Mimosa Deserialization of Untrusted Data",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-02-03T17:50:00.000Z",
"ID": "CVE-2022-0138",
"STATE": "PUBLIC",
"TITLE": "Airspan Networks Mimosa Deserialization of Untrusted Data"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MMP",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v1.0.3"
}
]
}
},
{
"product_name": "PTP C-series",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.8.6.1"
}
]
}
},
{
"product_name": "PTMP C-series and A5x",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.5.4.1"
}
]
}
}
]
},
"vendor_name": "Airspan Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Noam Moshe of Claroty reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 has a deserialization function that does not validate or check the data, allowing arbitrary classes to be created."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
]
},
"solution": [
{
"lang": "en",
"value": "Airspan Networks recommends users update to following products (Login Required):\n\nMMP: Version 1.0.4 or later\nPTP:\nC5x: Version 2.90 or later\nC5c: Version 2.90 or later\nPTMP: \nC-series: Version 2.9.0 or later\nA5x: Version 2.9.0 or later"
}
],
"source": {
"advisory": "ICSA-22-034-02",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-0138",
"datePublished": "2022-02-18T17:50:17.867Z",
"dateReserved": "2022-01-06T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:45:42.169Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21196 (GCVE-0-2022-21196)
Vulnerability from cvelistv5 – Published: 2022-02-18 17:50 – Updated: 2025-04-16 16:45
VLAI?
Title
Airspan Networks Mimosa Improper Authorization
Summary
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization and authentication checks on multiple API routes. An attacker may gain access to these API routes and achieve remote code execution, create a denial-of-service condition, and obtain sensitive information.
Severity ?
10 (Critical)
CWE
- CWE-285 - Improper Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Airspan Networks | MMP |
Affected:
unspecified , < v1.0.3
(custom)
|
||||||||||||
|
||||||||||||||
Credits
Noam Moshe of Claroty reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:31:59.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21196",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:58:14.116430Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:45:52.748Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MMP",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v1.0.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PTP C-series",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v2.8.6.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PTMP C-series and A5x",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v2.5.4.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Noam Moshe of Claroty reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-02-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization and authentication checks on multiple API routes. An attacker may gain access to these API routes and achieve remote code execution, create a denial-of-service condition, and obtain sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-18T17:50:16.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
],
"solutions": [
{
"lang": "en",
"value": "Airspan Networks recommends users update to following products (Login Required):\n\nMMP: Version 1.0.4 or later\nPTP:\nC5x: Version 2.90 or later\nC5c: Version 2.90 or later\nPTMP: \nC-series: Version 2.9.0 or later\nA5x: Version 2.9.0 or later"
}
],
"source": {
"advisory": "ICSA-22-034-02",
"discovery": "UNKNOWN"
},
"title": "Airspan Networks Mimosa Improper Authorization",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-02-03T17:50:00.000Z",
"ID": "CVE-2022-21196",
"STATE": "PUBLIC",
"TITLE": "Airspan Networks Mimosa Improper Authorization"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MMP",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v1.0.3"
}
]
}
},
{
"product_name": "PTP C-series",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.8.6.1"
}
]
}
},
{
"product_name": "PTMP C-series and A5x",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.5.4.1"
}
]
}
}
]
},
"vendor_name": "Airspan Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Noam Moshe of Claroty reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization and authentication checks on multiple API routes. An attacker may gain access to these API routes and achieve remote code execution, create a denial-of-service condition, and obtain sensitive information."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285 Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
]
},
"solution": [
{
"lang": "en",
"value": "Airspan Networks recommends users update to following products (Login Required):\n\nMMP: Version 1.0.4 or later\nPTP:\nC5x: Version 2.90 or later\nC5c: Version 2.90 or later\nPTMP: \nC-series: Version 2.9.0 or later\nA5x: Version 2.9.0 or later"
}
],
"source": {
"advisory": "ICSA-22-034-02",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-21196",
"datePublished": "2022-02-18T17:50:16.878Z",
"dateReserved": "2021-12-21T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:45:52.748Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21215 (GCVE-0-2022-21215)
Vulnerability from cvelistv5 – Published: 2022-02-18 17:50 – Updated: 2025-04-16 16:46
VLAI?
Title
Airspan Networks Mimosa Server-Side Request Forgery (SSRF)
Summary
This vulnerability could allow an attacker to force the server to create and execute a web request granting access to backend APIs that are only accessible to the Mimosa MMP server, or request pages that could perform some actions themselves. The attacker could force the server into accessing routes on those cloud-hosting platforms, accessing secret keys, changing configurations, etc. Affecting MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1.
Severity ?
10 (Critical)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Airspan Networks | MMP |
Affected:
unspecified , < v1.0.3
(custom)
|
||||||||||||
|
||||||||||||||
Credits
Noam Moshe of Claroty reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:31:59.044Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21215",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:58:18.363776Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:46:02.036Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MMP",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v1.0.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PTP C-series",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v2.8.6.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PTMP C-series and A5x",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v2.5.4.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Noam Moshe of Claroty reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-02-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "This vulnerability could allow an attacker to force the server to create and execute a web request granting access to backend APIs that are only accessible to the Mimosa MMP server, or request pages that could perform some actions themselves. The attacker could force the server into accessing routes on those cloud-hosting platforms, accessing secret keys, changing configurations, etc. Affecting MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-18T17:50:15.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
],
"solutions": [
{
"lang": "en",
"value": "Airspan Networks recommends users update to following products (Login Required):\n\nMMP: Version 1.0.4 or later\nPTP:\nC5x: Version 2.90 or later\nC5c: Version 2.90 or later\nPTMP: \nC-series: Version 2.9.0 or later\nA5x: Version 2.9.0 or later"
}
],
"source": {
"advisory": "ICSA-22-034-02",
"discovery": "UNKNOWN"
},
"title": "Airspan Networks Mimosa Server-Side Request Forgery (SSRF)",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-02-03T17:50:00.000Z",
"ID": "CVE-2022-21215",
"STATE": "PUBLIC",
"TITLE": "Airspan Networks Mimosa Server-Side Request Forgery (SSRF)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MMP",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v1.0.3"
}
]
}
},
{
"product_name": "PTP C-series",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.8.6.1"
}
]
}
},
{
"product_name": "PTMP C-series and A5x",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.5.4.1"
}
]
}
}
]
},
"vendor_name": "Airspan Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Noam Moshe of Claroty reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability could allow an attacker to force the server to create and execute a web request granting access to backend APIs that are only accessible to the Mimosa MMP server, or request pages that could perform some actions themselves. The attacker could force the server into accessing routes on those cloud-hosting platforms, accessing secret keys, changing configurations, etc. Affecting MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918 Server-Side Request Forgery (SSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
]
},
"solution": [
{
"lang": "en",
"value": "Airspan Networks recommends users update to following products (Login Required):\n\nMMP: Version 1.0.4 or later\nPTP:\nC5x: Version 2.90 or later\nC5c: Version 2.90 or later\nPTMP: \nC-series: Version 2.9.0 or later\nA5x: Version 2.9.0 or later"
}
],
"source": {
"advisory": "ICSA-22-034-02",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-21215",
"datePublished": "2022-02-18T17:50:15.950Z",
"dateReserved": "2021-12-21T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:46:02.036Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21176 (GCVE-0-2022-21176)
Vulnerability from nvd – Published: 2022-02-18 17:50 – Updated: 2025-04-16 16:45
VLAI?
Title
Airspan Networks Mimosa SQL Injection
Summary
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input, which may allow an attacker to perform a SQL injection and obtain sensitive information.
Severity ?
8.6 (High)
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Airspan Networks | MMP |
Affected:
unspecified , < v1.0.3
(custom)
|
||||||||||||
|
||||||||||||||
Credits
Noam Moshe of Claroty reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:31:59.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21176",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:59:34.054577Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:45:12.090Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MMP",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v1.0.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PTP C-series",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v2.8.6.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PTMP C-series and A5x",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v2.5.4.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Noam Moshe of Claroty reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-02-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input, which may allow an attacker to perform a SQL injection and obtain sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-18T17:50:20.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
],
"solutions": [
{
"lang": "en",
"value": "Airspan Networks recommends users update to following products (Login Required):\n\nMMP: Version 1.0.4 or later\nPTP:\nC5x: Version 2.90 or later\nC5c: Version 2.90 or later\nPTMP: \nC-series: Version 2.9.0 or later\nA5x: Version 2.9.0 or later"
}
],
"source": {
"advisory": "ICSA-22-034-02",
"discovery": "UNKNOWN"
},
"title": "Airspan Networks Mimosa SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-02-03T17:50:00.000Z",
"ID": "CVE-2022-21176",
"STATE": "PUBLIC",
"TITLE": "Airspan Networks Mimosa SQL Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MMP",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v1.0.3"
}
]
}
},
{
"product_name": "PTP C-series",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.8.6.1"
}
]
}
},
{
"product_name": "PTMP C-series and A5x",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.5.4.1"
}
]
}
}
]
},
"vendor_name": "Airspan Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Noam Moshe of Claroty reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input, which may allow an attacker to perform a SQL injection and obtain sensitive information."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
]
},
"solution": [
{
"lang": "en",
"value": "Airspan Networks recommends users update to following products (Login Required):\n\nMMP: Version 1.0.4 or later\nPTP:\nC5x: Version 2.90 or later\nC5c: Version 2.90 or later\nPTMP: \nC-series: Version 2.9.0 or later\nA5x: Version 2.9.0 or later"
}
],
"source": {
"advisory": "ICSA-22-034-02",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-21176",
"datePublished": "2022-02-18T17:50:20.075Z",
"dateReserved": "2022-01-21T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:45:12.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21141 (GCVE-0-2022-21141)
Vulnerability from nvd – Published: 2022-02-18 17:50 – Updated: 2025-04-16 16:45
VLAI?
Title
Airspan Networks Mimosa Incorrect Authorization
Summary
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization checks on multiple API functions. An attacker may gain access to these functions and achieve remote code execution, create a denial-of-service condition, and obtain sensitive information.
Severity ?
10 (Critical)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Airspan Networks | MMP |
Affected:
unspecified , < v1.0.3
(custom)
|
||||||||||||
|
||||||||||||||
Credits
Noam Moshe of Claroty reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:31:58.688Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21141",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:58:09.440311Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:45:01.196Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MMP",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v1.0.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PTP C-series",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v2.8.6.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PTMP C-series and A5x",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v2.5.4.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Noam Moshe of Claroty reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-02-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization checks on multiple API functions. An attacker may gain access to these functions and achieve remote code execution, create a denial-of-service condition, and obtain sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-18T17:50:20.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
],
"solutions": [
{
"lang": "en",
"value": "Airspan Networks recommends users update to following products (Login Required):\n\nMMP: Version 1.0.4 or later\nPTP:\nC5x: Version 2.90 or later\nC5c: Version 2.90 or later\nPTMP: \nC-series: Version 2.9.0 or later\nA5x: Version 2.9.0 or later"
}
],
"source": {
"advisory": "ICSA-22-034-02",
"discovery": "UNKNOWN"
},
"title": "Airspan Networks Mimosa Incorrect Authorization",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-02-03T17:50:00.000Z",
"ID": "CVE-2022-21141",
"STATE": "PUBLIC",
"TITLE": "Airspan Networks Mimosa Incorrect Authorization"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MMP",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v1.0.3"
}
]
}
},
{
"product_name": "PTP C-series",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.8.6.1"
}
]
}
},
{
"product_name": "PTMP C-series and A5x",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.5.4.1"
}
]
}
}
]
},
"vendor_name": "Airspan Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Noam Moshe of Claroty reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization checks on multiple API functions. An attacker may gain access to these functions and achieve remote code execution, create a denial-of-service condition, and obtain sensitive information."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
]
},
"solution": [
{
"lang": "en",
"value": "Airspan Networks recommends users update to following products (Login Required):\n\nMMP: Version 1.0.4 or later\nPTP:\nC5x: Version 2.90 or later\nC5c: Version 2.90 or later\nPTMP: \nC-series: Version 2.9.0 or later\nA5x: Version 2.9.0 or later"
}
],
"source": {
"advisory": "ICSA-22-034-02",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-21141",
"datePublished": "2022-02-18T17:50:20.915Z",
"dateReserved": "2022-01-21T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:45:01.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21143 (GCVE-0-2022-21143)
Vulnerability from nvd – Published: 2022-02-18 17:50 – Updated: 2025-04-16 16:45
VLAI?
Title
Airspan Networks Mimosa OS Command Injection
Summary
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input on several locations, which may allow an attacker to inject arbitrary commands.
Severity ?
7.5 (High)
CWE
- CWE-78 - OS Command Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Airspan Networks | MMP |
Affected:
unspecified , < v1.0.3
(custom)
|
||||||||||||
|
||||||||||||||
Credits
Noam Moshe of Claroty reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:31:58.811Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21143",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:59:37.231036Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:45:21.573Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MMP",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v1.0.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PTP C-series",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v2.8.6.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PTMP C-series and A5x",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v2.5.4.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Noam Moshe of Claroty reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-02-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input on several locations, which may allow an attacker to inject arbitrary commands."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-18T17:50:19.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
],
"solutions": [
{
"lang": "en",
"value": "Airspan Networks recommends users update to following products (Login Required):\n\nMMP: Version 1.0.4 or later\nPTP:\nC5x: Version 2.90 or later\nC5c: Version 2.90 or later\nPTMP: \nC-series: Version 2.9.0 or later\nA5x: Version 2.9.0 or later"
}
],
"source": {
"advisory": "ICSA-22-034-02",
"discovery": "UNKNOWN"
},
"title": "Airspan Networks Mimosa OS Command Injection",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-02-03T17:50:00.000Z",
"ID": "CVE-2022-21143",
"STATE": "PUBLIC",
"TITLE": "Airspan Networks Mimosa OS Command Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MMP",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v1.0.3"
}
]
}
},
{
"product_name": "PTP C-series",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.8.6.1"
}
]
}
},
{
"product_name": "PTMP C-series and A5x",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.5.4.1"
}
]
}
}
]
},
"vendor_name": "Airspan Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Noam Moshe of Claroty reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input on several locations, which may allow an attacker to inject arbitrary commands."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
]
},
"solution": [
{
"lang": "en",
"value": "Airspan Networks recommends users update to following products (Login Required):\n\nMMP: Version 1.0.4 or later\nPTP:\nC5x: Version 2.90 or later\nC5c: Version 2.90 or later\nPTMP: \nC-series: Version 2.9.0 or later\nA5x: Version 2.9.0 or later"
}
],
"source": {
"advisory": "ICSA-22-034-02",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-21143",
"datePublished": "2022-02-18T17:50:19.316Z",
"dateReserved": "2022-01-21T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:45:21.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21800 (GCVE-0-2022-21800)
Vulnerability from nvd – Published: 2022-02-18 17:50 – Updated: 2025-04-16 16:45
VLAI?
Title
Airspan Networks Mimosa Use of a Broken or Risky Cryptographic Algorithm
Summary
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 uses the MD5 algorithm to hash the passwords before storing them but does not salt the hash. As a result, attackers may be able to crack the hashed passwords.
Severity ?
6.5 (Medium)
CWE
- CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Airspan Networks | MMP |
Affected:
unspecified , < v1.0.3
(custom)
|
||||||||||||
|
||||||||||||||
Credits
Noam Moshe of Claroty reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:53:36.185Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21800",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:56:32.280054Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:45:32.729Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MMP",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v1.0.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PTP C-series",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v2.8.6.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PTMP C-series and A5x",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v2.5.4.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Noam Moshe of Claroty reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-02-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 uses the MD5 algorithm to hash the passwords before storing them but does not salt the hash. As a result, attackers may be able to crack the hashed passwords."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-18T17:50:18.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
],
"solutions": [
{
"lang": "en",
"value": "Airspan Networks recommends users update to following products (Login Required):\n\nMMP: Version 1.0.4 or later\nPTP:\nC5x: Version 2.90 or later\nC5c: Version 2.90 or later\nPTMP: \nC-series: Version 2.9.0 or later\nA5x: Version 2.9.0 or later"
}
],
"source": {
"advisory": "ICSA-22-034-02",
"discovery": "UNKNOWN"
},
"title": "Airspan Networks Mimosa Use of a Broken or Risky Cryptographic Algorithm",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-02-03T17:50:00.000Z",
"ID": "CVE-2022-21800",
"STATE": "PUBLIC",
"TITLE": "Airspan Networks Mimosa Use of a Broken or Risky Cryptographic Algorithm"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MMP",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v1.0.3"
}
]
}
},
{
"product_name": "PTP C-series",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.8.6.1"
}
]
}
},
{
"product_name": "PTMP C-series and A5x",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.5.4.1"
}
]
}
}
]
},
"vendor_name": "Airspan Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Noam Moshe of Claroty reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 uses the MD5 algorithm to hash the passwords before storing them but does not salt the hash. As a result, attackers may be able to crack the hashed passwords."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
]
},
"solution": [
{
"lang": "en",
"value": "Airspan Networks recommends users update to following products (Login Required):\n\nMMP: Version 1.0.4 or later\nPTP:\nC5x: Version 2.90 or later\nC5c: Version 2.90 or later\nPTMP: \nC-series: Version 2.9.0 or later\nA5x: Version 2.9.0 or later"
}
],
"source": {
"advisory": "ICSA-22-034-02",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-21800",
"datePublished": "2022-02-18T17:50:18.612Z",
"dateReserved": "2021-12-21T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:45:32.729Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0138 (GCVE-0-2022-0138)
Vulnerability from nvd – Published: 2022-02-18 17:50 – Updated: 2025-04-16 16:45
VLAI?
Title
Airspan Networks Mimosa Deserialization of Untrusted Data
Summary
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 has a deserialization function that does not validate or check the data, allowing arbitrary classes to be created.
Severity ?
7.5 (High)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Airspan Networks | MMP |
Affected:
unspecified , < v1.0.3
(custom)
|
||||||||||||
|
||||||||||||||
Credits
Noam Moshe of Claroty reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-0138",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:59:39.926284Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:45:42.169Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MMP",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v1.0.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PTP C-series",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v2.8.6.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PTMP C-series and A5x",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v2.5.4.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Noam Moshe of Claroty reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-02-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 has a deserialization function that does not validate or check the data, allowing arbitrary classes to be created."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-18T17:50:17.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
],
"solutions": [
{
"lang": "en",
"value": "Airspan Networks recommends users update to following products (Login Required):\n\nMMP: Version 1.0.4 or later\nPTP:\nC5x: Version 2.90 or later\nC5c: Version 2.90 or later\nPTMP: \nC-series: Version 2.9.0 or later\nA5x: Version 2.9.0 or later"
}
],
"source": {
"advisory": "ICSA-22-034-02",
"discovery": "UNKNOWN"
},
"title": "Airspan Networks Mimosa Deserialization of Untrusted Data",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-02-03T17:50:00.000Z",
"ID": "CVE-2022-0138",
"STATE": "PUBLIC",
"TITLE": "Airspan Networks Mimosa Deserialization of Untrusted Data"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MMP",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v1.0.3"
}
]
}
},
{
"product_name": "PTP C-series",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.8.6.1"
}
]
}
},
{
"product_name": "PTMP C-series and A5x",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.5.4.1"
}
]
}
}
]
},
"vendor_name": "Airspan Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Noam Moshe of Claroty reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 has a deserialization function that does not validate or check the data, allowing arbitrary classes to be created."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
]
},
"solution": [
{
"lang": "en",
"value": "Airspan Networks recommends users update to following products (Login Required):\n\nMMP: Version 1.0.4 or later\nPTP:\nC5x: Version 2.90 or later\nC5c: Version 2.90 or later\nPTMP: \nC-series: Version 2.9.0 or later\nA5x: Version 2.9.0 or later"
}
],
"source": {
"advisory": "ICSA-22-034-02",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-0138",
"datePublished": "2022-02-18T17:50:17.867Z",
"dateReserved": "2022-01-06T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:45:42.169Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21196 (GCVE-0-2022-21196)
Vulnerability from nvd – Published: 2022-02-18 17:50 – Updated: 2025-04-16 16:45
VLAI?
Title
Airspan Networks Mimosa Improper Authorization
Summary
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization and authentication checks on multiple API routes. An attacker may gain access to these API routes and achieve remote code execution, create a denial-of-service condition, and obtain sensitive information.
Severity ?
10 (Critical)
CWE
- CWE-285 - Improper Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Airspan Networks | MMP |
Affected:
unspecified , < v1.0.3
(custom)
|
||||||||||||
|
||||||||||||||
Credits
Noam Moshe of Claroty reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:31:59.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21196",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:58:14.116430Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:45:52.748Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MMP",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v1.0.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PTP C-series",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v2.8.6.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PTMP C-series and A5x",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v2.5.4.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Noam Moshe of Claroty reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-02-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization and authentication checks on multiple API routes. An attacker may gain access to these API routes and achieve remote code execution, create a denial-of-service condition, and obtain sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-18T17:50:16.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
],
"solutions": [
{
"lang": "en",
"value": "Airspan Networks recommends users update to following products (Login Required):\n\nMMP: Version 1.0.4 or later\nPTP:\nC5x: Version 2.90 or later\nC5c: Version 2.90 or later\nPTMP: \nC-series: Version 2.9.0 or later\nA5x: Version 2.9.0 or later"
}
],
"source": {
"advisory": "ICSA-22-034-02",
"discovery": "UNKNOWN"
},
"title": "Airspan Networks Mimosa Improper Authorization",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-02-03T17:50:00.000Z",
"ID": "CVE-2022-21196",
"STATE": "PUBLIC",
"TITLE": "Airspan Networks Mimosa Improper Authorization"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MMP",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v1.0.3"
}
]
}
},
{
"product_name": "PTP C-series",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.8.6.1"
}
]
}
},
{
"product_name": "PTMP C-series and A5x",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.5.4.1"
}
]
}
}
]
},
"vendor_name": "Airspan Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Noam Moshe of Claroty reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization and authentication checks on multiple API routes. An attacker may gain access to these API routes and achieve remote code execution, create a denial-of-service condition, and obtain sensitive information."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285 Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
]
},
"solution": [
{
"lang": "en",
"value": "Airspan Networks recommends users update to following products (Login Required):\n\nMMP: Version 1.0.4 or later\nPTP:\nC5x: Version 2.90 or later\nC5c: Version 2.90 or later\nPTMP: \nC-series: Version 2.9.0 or later\nA5x: Version 2.9.0 or later"
}
],
"source": {
"advisory": "ICSA-22-034-02",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-21196",
"datePublished": "2022-02-18T17:50:16.878Z",
"dateReserved": "2021-12-21T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:45:52.748Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21215 (GCVE-0-2022-21215)
Vulnerability from nvd – Published: 2022-02-18 17:50 – Updated: 2025-04-16 16:46
VLAI?
Title
Airspan Networks Mimosa Server-Side Request Forgery (SSRF)
Summary
This vulnerability could allow an attacker to force the server to create and execute a web request granting access to backend APIs that are only accessible to the Mimosa MMP server, or request pages that could perform some actions themselves. The attacker could force the server into accessing routes on those cloud-hosting platforms, accessing secret keys, changing configurations, etc. Affecting MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1.
Severity ?
10 (Critical)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Airspan Networks | MMP |
Affected:
unspecified , < v1.0.3
(custom)
|
||||||||||||
|
||||||||||||||
Credits
Noam Moshe of Claroty reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:31:59.044Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21215",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:58:18.363776Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:46:02.036Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MMP",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v1.0.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PTP C-series",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v2.8.6.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PTMP C-series and A5x",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v2.5.4.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Noam Moshe of Claroty reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-02-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "This vulnerability could allow an attacker to force the server to create and execute a web request granting access to backend APIs that are only accessible to the Mimosa MMP server, or request pages that could perform some actions themselves. The attacker could force the server into accessing routes on those cloud-hosting platforms, accessing secret keys, changing configurations, etc. Affecting MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-18T17:50:15.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
],
"solutions": [
{
"lang": "en",
"value": "Airspan Networks recommends users update to following products (Login Required):\n\nMMP: Version 1.0.4 or later\nPTP:\nC5x: Version 2.90 or later\nC5c: Version 2.90 or later\nPTMP: \nC-series: Version 2.9.0 or later\nA5x: Version 2.9.0 or later"
}
],
"source": {
"advisory": "ICSA-22-034-02",
"discovery": "UNKNOWN"
},
"title": "Airspan Networks Mimosa Server-Side Request Forgery (SSRF)",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-02-03T17:50:00.000Z",
"ID": "CVE-2022-21215",
"STATE": "PUBLIC",
"TITLE": "Airspan Networks Mimosa Server-Side Request Forgery (SSRF)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MMP",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v1.0.3"
}
]
}
},
{
"product_name": "PTP C-series",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.8.6.1"
}
]
}
},
{
"product_name": "PTMP C-series and A5x",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.5.4.1"
}
]
}
}
]
},
"vendor_name": "Airspan Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Noam Moshe of Claroty reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability could allow an attacker to force the server to create and execute a web request granting access to backend APIs that are only accessible to the Mimosa MMP server, or request pages that could perform some actions themselves. The attacker could force the server into accessing routes on those cloud-hosting platforms, accessing secret keys, changing configurations, etc. Affecting MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918 Server-Side Request Forgery (SSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
]
},
"solution": [
{
"lang": "en",
"value": "Airspan Networks recommends users update to following products (Login Required):\n\nMMP: Version 1.0.4 or later\nPTP:\nC5x: Version 2.90 or later\nC5c: Version 2.90 or later\nPTMP: \nC-series: Version 2.9.0 or later\nA5x: Version 2.9.0 or later"
}
],
"source": {
"advisory": "ICSA-22-034-02",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-21215",
"datePublished": "2022-02-18T17:50:15.950Z",
"dateReserved": "2021-12-21T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:46:02.036Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}