CVE-2022-21196

Airspan Networks Mimosa Improper Authorization

Description

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization and authentication checks on multiple API routes. An attacker may gain access to these API routes and achieve remote code execution, create a denial-of-service condition, and obtain sensitive information.

Remediation

Solution:

Airspan Networks recommends users update to following products (Login Required): MMP: Version 1.0.4 or later PTP: C5x: Version 2.90 or later C5c: Version 2.90 or later PTMP: C-series: Version 2.9.0 or later A5x: Version 2.9.0 or later

References

Link	Tags
https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02	third party advisory us government resource

Frequently Asked Questions

What is the severity of CVE-2022-21196?: CVE-2022-21196 has been scored as a critical severity vulnerability.
How to fix CVE-2022-21196?: To fix CVE-2022-21196: Airspan Networks recommends users update to following products (Login Required): MMP: Version 1.0.4 or later PTP: C5x: Version 2.90 or later C5c: Version 2.90 or later PTMP: C-series: Version 2.9.0 or later A5x: Version 2.9.0 or later
Is CVE-2022-21196 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2022-21196 is being actively exploited. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-21196?: CVE-2022-21196 affects Airspan Networks MMP, Airspan Networks PTP C-series, Airspan Networks PTMP C-series and A5x.

Description

Remediation

Categories

CWE-285 – Improper Authorization

CWE-287 – Improper Authentication

References

Frequently Asked Questions