Vulnerabilities > CVE-2022-21196 - Unspecified vulnerability in Airspan products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

airspan

critical

NVD

Published: 2022-02-18

Updated: 2023-07-24

Summary

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization and authentication checks on multiple API routes. An attacker may gain access to these API routes and achieve remote code execution, create a denial-of-service condition, and obtain sensitive information.

Vulnerable Configurations

Part	Description	Count
Application	Airspan Airspan Mimosa Management Platform *	1
OS	Airspan Airspan C6X Firmware * Airspan C5X Firmware * Airspan C5C Firmware * Airspan A5X Firmware *	4
Hardware	Airspan Airspan C6X - Airspan C5X - Airspan C5C - Airspan A5X -	4

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02