CVE-2022-21800

Airspan Networks Mimosa Use of a Broken or Risky Cryptographic Algorithm

Description

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 uses the MD5 algorithm to hash the passwords before storing them but does not salt the hash. As a result, attackers may be able to crack the hashed passwords.

Remediation

Solution:

Airspan Networks recommends users update to following products (Login Required): MMP: Version 1.0.4 or later PTP: C5x: Version 2.90 or later C5c: Version 2.90 or later PTMP: C-series: Version 2.9.0 or later A5x: Version 2.9.0 or later

References

Link	Tags
https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02	third party advisory us government resource

Frequently Asked Questions

What is the severity of CVE-2022-21800?: CVE-2022-21800 has been scored as a medium severity vulnerability.
How to fix CVE-2022-21800?: To fix CVE-2022-21800: Airspan Networks recommends users update to following products (Login Required): MMP: Version 1.0.4 or later PTP: C5x: Version 2.90 or later C5c: Version 2.90 or later PTMP: C-series: Version 2.9.0 or later A5x: Version 2.9.0 or later
Is CVE-2022-21800 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2022-21800 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-21800?: CVE-2022-21800 affects Airspan Networks MMP, Airspan Networks PTP C-series, Airspan Networks PTMP C-series and A5x.

Description

Remediation

Categories

CWE-327 – Use of a Broken or Risky Cryptographic Algorithm

CWE-326 – Inadequate Encryption Strength

References

Frequently Asked Questions