Vulnerabilities > CVE-2022-21141 - Incorrect Authorization vulnerability in Airspan products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

airspan

CWE-863

critical

NVD

Published: 2022-02-18

Updated: 2022-02-26

Summary

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization checks on multiple API functions. An attacker may gain access to these functions and achieve remote code execution, create a denial-of-service condition, and obtain sensitive information.

Vulnerable Configurations

Part	Description	Count
Application	Airspan Airspan Mimosa Management Platform *	1
OS	Airspan Airspan C6X Firmware * Airspan C5X Firmware * Airspan C5C Firmware * Airspan A5X Firmware *	4
Hardware	Airspan Airspan C6X - Airspan C5X - Airspan C5C - Airspan A5X -	4

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02