MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization and authentication checks on multiple API routes. An attacker may gain access to these API routes and achieve remote code execution, create a denial-of-service condition, and obtain sensitive information.
References
Link | Resource |
---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02 | Third Party Advisory US Government Resource |
https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02 | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
History
21 Nov 2024, 06:44
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 10.0
v3 : 10.0 |
References | () https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02 - Third Party Advisory, US Government Resource |
24 Jul 2023, 13:50
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-287 NVD-CWE-Other |
Information
Published : 2022-02-18 18:15
Updated : 2024-11-21 06:44
NVD link : CVE-2022-21196
Mitre link : CVE-2022-21196
CVE.ORG link : CVE-2022-21196
JSON object : View
Products Affected
airspan
- c5x
- a5x
- c5c
- c5c_firmware
- c5x_firmware
- c6x
- mimosa_management_platform
- a5x_firmware
- c6x_firmware
CWE