CVE-2022-21196

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization and authentication checks on multiple API routes. An attacker may gain access to these API routes and achieve remote code execution, create a denial-of-service condition, and obtain sensitive information.
References
Link Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02 Third Party Advisory US Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

cpe:2.3:a:airspan:mimosa_management_platform:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:airspan:c6x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:airspan:c6x:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:airspan:c5x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:airspan:c5x:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:airspan:c5c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:airspan:c5c:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:airspan:a5x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:airspan:a5x:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:44

Type Values Removed Values Added
CVSS v2 : 10.0
v3 : 9.8
v2 : 10.0
v3 : 10.0
References () https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02 - Third Party Advisory, US Government Resource () https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02 - Third Party Advisory, US Government Resource

24 Jul 2023, 13:50

Type Values Removed Values Added
CWE CWE-863 CWE-287
NVD-CWE-Other

Information

Published : 2022-02-18 18:15

Updated : 2024-11-21 06:44


NVD link : CVE-2022-21196

Mitre link : CVE-2022-21196

CVE.ORG link : CVE-2022-21196


JSON object : View

Products Affected

airspan

  • c5x
  • a5x
  • c5c
  • c5c_firmware
  • c5x_firmware
  • c6x
  • mimosa_management_platform
  • a5x_firmware
  • c6x_firmware
CWE
CWE-285

Improper Authorization

CWE-287

Improper Authentication

NVD-CWE-Other