Security News > 2022 > February > CISA Warns of Critical Vulnerabilities Discovered in Airspan Networks Mimosa

The U.S. Cybersecurity and Infrastructure Security Agency on Thursday published an Industrial Controls Systems Advisory warning of multiple vulnerabilities in the Airspan Networks Mimosa equipment that could be abused to gain remote code execution, create a denial-of-service condition, and obtain sensitive information.
"Successful exploitation of these vulnerabilities could allow an attacker to gain user data and other sensitive data, compromise Mimosa's AWS cloud EC2 instance and S3 Buckets, and execute unauthorized remote code on all cloud-connected Mimosa devices," CISA said in the alert.
Mimosa Management Platform running versions prior to v1.0.3.
Airspan Network's Mimosa product line provides hybrid fiber-wireless network solutions to service providers, industrial, and government operators for both short and long-range broadband deployments.
CISA is advising vulnerable organizations to minimize network exposure, isolate control system networks from the business network, and use virtual private networks for remote access to mitigate the risk of exploitation of these vulnerabilities.
The disclosure also comes as Cisco Talos published details on a series of critical vulnerabilities that Sealevel has addressed in the SeaConnect 370W Wi-Fi-connected edge device, which could allow an attacker to conduct a man-in-the-middle attack and execute remote code on the targeted device.
News URL
https://thehackernews.com/2022/02/cisa-warns-of-critical-vulnerabilities.html
Related news
- CISA Adds Palo Alto Networks and SonicWall Flaws to Exploited Vulnerabilities List (source)
- CISA tags Windows, Cisco vulnerabilities as actively exploited (source)
- CISA Identifies Five New Vulnerabilities Currently Being Exploited (source)
- CISA Adds Five Actively Exploited Vulnerabilities in Advantive VeraCore and Ivanti EPM to KEV List (source)
- CISA tags critical Ivanti EPM flaws as actively exploited in attacks (source)
- CISA: Medusa ransomware hit over 300 critical infrastructure orgs (source)
- GitLab patches critical authentication bypass vulnerabilities (source)
- Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility (source)
- OpenAI now pays researchers $100,000 for critical vulnerabilities (source)
- Still Using an Older Version of iOS or iPadOS? Update Now to Patch These Critical Security Vulnerabilities (source)