CVE-2022-21196
CVE-2022-21196 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. MMP (all versions prior to v1.0.3), PTP C-series (device versions prior to v2.8.6.1), and PTMP C-series and A5x (device versions prior to v2.5.4.1) do not perform proper authorization and authentication checks on multiple API routes. An attacker may gain access to these API routes and achieve remote code execution, create a denial-of-service condition, and obtain sensitive information. EPSS estimates a 3.53% chance of exploitation in the next 30 days.
Description
MMP (all versions prior to v1.0.3), PTP C-series (device versions prior to v2.8.6.1), and PTMP C-series and A5x (device versions prior to v2.5.4.1) do not perform proper authorization and authentication checks on multiple API routes. An attacker may gain access to these API routes and achieve remote code execution, create a denial-of-service condition, and obtain sensitive information.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Airspan | Mimosa Management Platform | < 1.0.3 |
| Airspan | C6x Firmware | < 2.8.6.1 |
| Airspan | C5x Firmware | < 2.8.6.1 |
| Airspan | C5c Firmware | < 2.8.6.1 |
| Airspan | A5x Firmware | < 2.5.4.1 |
References
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02 (Third Party Advisory, US Government Resource)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
