CVE-2022-21215

This vulnerability could allow an attacker to force the server to create and execute a web request granting access to backend APIs that are only accessible to the Mimosa MMP server, or request pages that could perform some actions themselves. The attacker could force the server into accessing routes on those cloud-hosting platforms, accessing secret keys, changing configurations, etc. Affecting MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1.

CVSS v3 9.8 CRITICAL
CVSS v2.0 10.0 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

cpe:2.3:a:airspan:mimosa_management_platform:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:airspan:c6x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:airspan:c6x:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:airspan:c5x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:airspan:c5x:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:airspan:c5c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:airspan:c5c:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:airspan:a5x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:airspan:a5x:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-02-18 18:15

Updated : 2024-02-28 19:09

NVD link : CVE-2022-21215

Mitre link : CVE-2022-21215

CVE.ORG link : CVE-2022-21215

JSON object : View

Products Affected

airspan

c5x
c6x_firmware
a5x_firmware
a5x
c5c
c5c_firmware
mimosa_management_platform
c5x_firmware
c6x

CWE

CWE-918

Server-Side Request Forgery (SSRF)

{"id": "CVE-2022-21215", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 10.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.9}]}, "published": "2022-02-18T18:15:12.667", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-918"}]}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "This vulnerability could allow an attacker to force the server to create and execute a web request granting access to backend APIs that are only accessible to the Mimosa MMP server, or request pages that could perform some actions themselves. The attacker could force the server into accessing routes on those cloud-hosting platforms, accessing secret keys, changing configurations, etc. Affecting MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1."}, {"lang": "es", "value": "Esta vulnerabilidad podr\u00eda permitir a un atacante forzar al servidor a crear y ejecutar una petici\u00f3n web que conceda acceso a las APIs del backend que s\u00f3lo son accesibles para el servidor de Mimosa MMP, o solicitar p\u00e1ginas que podr\u00edan llevar a cabo algunas acciones por s\u00ed mismas. El atacante podr\u00eda forzar al servidor a acceder a rutas en esas plataformas de alojamiento en la nube, acceder a claves secretas, cambiar configuraciones, etc. Afecta a MMP: Todas las versiones anteriores a v1.0.3, PTP C-series: Versiones de dispositivos anteriores a v2.8.6.1, y PTMP C-series y A5x: Versiones de dispositivos anteriores a v2.5.4.1"}], "lastModified": "2022-02-26T04:53:34.737", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:airspan:mimosa_management_platform:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "064DE49C-CD3C-43AF-864E-D8373EAD9B52", "versionEndExcluding": "1.0.3"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:airspan:c6x_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4650A7AA-DD66-4A8B-BB37-4D6789D60B85", "versionEndExcluding": "2.8.6.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:airspan:c6x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "080058F5-00C3-4204-8942-18D5347614B2"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:airspan:c5x_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C295D0C-2C21-474D-B38F-0EA15FB59113", "versionEndExcluding": "2.8.6.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:airspan:c5x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2C3239C7-ADFF-413E-86CD-EDBD86FB1ACB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:airspan:c5c_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31B5039E-8D62-4EB8-A264-1DBA97CC7289", "versionEndExcluding": "2.8.6.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:airspan:c5c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9944E65E-56D0-4010-B27B-FD7FE469EC20"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:airspan:a5x_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ECA42797-2BBB-4622-9F57-2BE53E3D8019", "versionEndExcluding": "2.5.4.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:airspan:a5x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C1009C19-795D-4F1A-8C82-A22754E0EBC4"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}