Vulnerabilities > CVE-2022-0138 - Deserialization of Untrusted Data vulnerability in Airspan products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
NONE
network
low complexity
airspan
CWE-502
NVD
Published: 2022-02-18
Updated: 2022-02-26

Summary

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 has a deserialization function that does not validate or check the data, allowing arbitrary classes to be created.

Vulnerable Configurations

Part Description Count
Application
Airspan
1
OS
Airspan
4
Hardware
Airspan
4

Common Weakness Enumeration (CWE)

References