CVE-2022-21176

Airspan Networks Mimosa SQL Injection

Description

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input, which may allow an attacker to perform a SQL injection and obtain sensitive information.

Remediation

Solution:

Airspan Networks recommends users update to following products (Login Required): MMP: Version 1.0.4 or later PTP: C5x: Version 2.90 or later C5c: Version 2.90 or later PTMP: C-series: Version 2.9.0 or later A5x: Version 2.9.0 or later

References

Link	Tags
https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02	third party advisory us government resource

Frequently Asked Questions

What is the severity of CVE-2022-21176?: CVE-2022-21176 has been scored as a high severity vulnerability.
How to fix CVE-2022-21176?: To fix CVE-2022-21176: Airspan Networks recommends users update to following products (Login Required): MMP: Version 1.0.4 or later PTP: C5x: Version 2.90 or later C5c: Version 2.90 or later PTMP: C-series: Version 2.9.0 or later A5x: Version 2.9.0 or later
Is CVE-2022-21176 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2022-21176 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-21176?: CVE-2022-21176 affects Airspan Networks MMP, Airspan Networks PTP C-series, Airspan Networks PTMP C-series and A5x.

Description

Remediation

Category

CWE-89 – Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

References

Frequently Asked Questions