CVE-2022-21215
Last modified
CVE-2022-21215 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. This vulnerability could allow an attacker to force the server to create and execute a web request granting access to backend APIs that are only accessible to the Mimosa MMP server, or request pages that could perform some actions themselves. The attacker could force the server into accessing routes on those cloud-hosting platforms, accessing secret keys, changing configurations, etc. EPSS estimates a 1.39% chance of exploitation in the next 30 days.
Description
This vulnerability could allow an attacker to force the server to create and execute a web request granting access to backend APIs that are only accessible to the Mimosa MMP server, or request pages that could perform some actions themselves. The attacker could force the server into accessing routes on those cloud-hosting platforms, accessing secret keys, changing configurations, etc. Affecting MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Airspan | Mimosa Management Platform | < 1.0.3 |
| Airspan | C6x Firmware | < 2.8.6.1 |
| Airspan | C5x Firmware | < 2.8.6.1 |
| Airspan | C5c Firmware | < 2.8.6.1 |
| Airspan | A5x Firmware | < 2.5.4.1 |
References
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02Third Party Advisory, US Government Resource
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-21215?
How severe is CVE-2022-21215?
How do I fix CVE-2022-21215?
Are you affected by CVE-2022-21215?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST