Search criteria
7 vulnerabilities by Airspan Networks
CVE-2022-21176 (GCVE-0-2022-21176)
Vulnerability from cvelistv5 – Published: 2022-02-18 17:50 – Updated: 2025-04-16 16:45
VLAI?
Title
Airspan Networks Mimosa SQL Injection
Summary
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input, which may allow an attacker to perform a SQL injection and obtain sensitive information.
Severity ?
8.6 (High)
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Airspan Networks | MMP |
Affected:
unspecified , < v1.0.3
(custom)
|
||||||||||||
|
||||||||||||||
Credits
Noam Moshe of Claroty reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:31:59.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21176",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:59:34.054577Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:45:12.090Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MMP",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v1.0.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PTP C-series",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v2.8.6.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PTMP C-series and A5x",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v2.5.4.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Noam Moshe of Claroty reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-02-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input, which may allow an attacker to perform a SQL injection and obtain sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-18T17:50:20.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
],
"solutions": [
{
"lang": "en",
"value": "Airspan Networks recommends users update to following products (Login Required):\n\nMMP: Version 1.0.4 or later\nPTP:\nC5x: Version 2.90 or later\nC5c: Version 2.90 or later\nPTMP: \nC-series: Version 2.9.0 or later\nA5x: Version 2.9.0 or later"
}
],
"source": {
"advisory": "ICSA-22-034-02",
"discovery": "UNKNOWN"
},
"title": "Airspan Networks Mimosa SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-02-03T17:50:00.000Z",
"ID": "CVE-2022-21176",
"STATE": "PUBLIC",
"TITLE": "Airspan Networks Mimosa SQL Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MMP",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v1.0.3"
}
]
}
},
{
"product_name": "PTP C-series",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.8.6.1"
}
]
}
},
{
"product_name": "PTMP C-series and A5x",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.5.4.1"
}
]
}
}
]
},
"vendor_name": "Airspan Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Noam Moshe of Claroty reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input, which may allow an attacker to perform a SQL injection and obtain sensitive information."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
]
},
"solution": [
{
"lang": "en",
"value": "Airspan Networks recommends users update to following products (Login Required):\n\nMMP: Version 1.0.4 or later\nPTP:\nC5x: Version 2.90 or later\nC5c: Version 2.90 or later\nPTMP: \nC-series: Version 2.9.0 or later\nA5x: Version 2.9.0 or later"
}
],
"source": {
"advisory": "ICSA-22-034-02",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-21176",
"datePublished": "2022-02-18T17:50:20.075Z",
"dateReserved": "2022-01-21T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:45:12.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21141 (GCVE-0-2022-21141)
Vulnerability from cvelistv5 – Published: 2022-02-18 17:50 – Updated: 2025-04-16 16:45
VLAI?
Title
Airspan Networks Mimosa Incorrect Authorization
Summary
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization checks on multiple API functions. An attacker may gain access to these functions and achieve remote code execution, create a denial-of-service condition, and obtain sensitive information.
Severity ?
10 (Critical)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Airspan Networks | MMP |
Affected:
unspecified , < v1.0.3
(custom)
|
||||||||||||
|
||||||||||||||
Credits
Noam Moshe of Claroty reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:31:58.688Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21141",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:58:09.440311Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:45:01.196Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MMP",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v1.0.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PTP C-series",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v2.8.6.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PTMP C-series and A5x",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v2.5.4.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Noam Moshe of Claroty reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-02-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization checks on multiple API functions. An attacker may gain access to these functions and achieve remote code execution, create a denial-of-service condition, and obtain sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-18T17:50:20.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
],
"solutions": [
{
"lang": "en",
"value": "Airspan Networks recommends users update to following products (Login Required):\n\nMMP: Version 1.0.4 or later\nPTP:\nC5x: Version 2.90 or later\nC5c: Version 2.90 or later\nPTMP: \nC-series: Version 2.9.0 or later\nA5x: Version 2.9.0 or later"
}
],
"source": {
"advisory": "ICSA-22-034-02",
"discovery": "UNKNOWN"
},
"title": "Airspan Networks Mimosa Incorrect Authorization",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-02-03T17:50:00.000Z",
"ID": "CVE-2022-21141",
"STATE": "PUBLIC",
"TITLE": "Airspan Networks Mimosa Incorrect Authorization"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MMP",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v1.0.3"
}
]
}
},
{
"product_name": "PTP C-series",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.8.6.1"
}
]
}
},
{
"product_name": "PTMP C-series and A5x",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.5.4.1"
}
]
}
}
]
},
"vendor_name": "Airspan Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Noam Moshe of Claroty reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization checks on multiple API functions. An attacker may gain access to these functions and achieve remote code execution, create a denial-of-service condition, and obtain sensitive information."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
]
},
"solution": [
{
"lang": "en",
"value": "Airspan Networks recommends users update to following products (Login Required):\n\nMMP: Version 1.0.4 or later\nPTP:\nC5x: Version 2.90 or later\nC5c: Version 2.90 or later\nPTMP: \nC-series: Version 2.9.0 or later\nA5x: Version 2.9.0 or later"
}
],
"source": {
"advisory": "ICSA-22-034-02",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-21141",
"datePublished": "2022-02-18T17:50:20.915Z",
"dateReserved": "2022-01-21T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:45:01.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21143 (GCVE-0-2022-21143)
Vulnerability from cvelistv5 – Published: 2022-02-18 17:50 – Updated: 2025-04-16 16:45
VLAI?
Title
Airspan Networks Mimosa OS Command Injection
Summary
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input on several locations, which may allow an attacker to inject arbitrary commands.
Severity ?
7.5 (High)
CWE
- CWE-78 - OS Command Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Airspan Networks | MMP |
Affected:
unspecified , < v1.0.3
(custom)
|
||||||||||||
|
||||||||||||||
Credits
Noam Moshe of Claroty reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:31:58.811Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21143",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:59:37.231036Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:45:21.573Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MMP",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v1.0.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PTP C-series",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v2.8.6.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PTMP C-series and A5x",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v2.5.4.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Noam Moshe of Claroty reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-02-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input on several locations, which may allow an attacker to inject arbitrary commands."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-18T17:50:19.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
],
"solutions": [
{
"lang": "en",
"value": "Airspan Networks recommends users update to following products (Login Required):\n\nMMP: Version 1.0.4 or later\nPTP:\nC5x: Version 2.90 or later\nC5c: Version 2.90 or later\nPTMP: \nC-series: Version 2.9.0 or later\nA5x: Version 2.9.0 or later"
}
],
"source": {
"advisory": "ICSA-22-034-02",
"discovery": "UNKNOWN"
},
"title": "Airspan Networks Mimosa OS Command Injection",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-02-03T17:50:00.000Z",
"ID": "CVE-2022-21143",
"STATE": "PUBLIC",
"TITLE": "Airspan Networks Mimosa OS Command Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MMP",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v1.0.3"
}
]
}
},
{
"product_name": "PTP C-series",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.8.6.1"
}
]
}
},
{
"product_name": "PTMP C-series and A5x",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.5.4.1"
}
]
}
}
]
},
"vendor_name": "Airspan Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Noam Moshe of Claroty reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input on several locations, which may allow an attacker to inject arbitrary commands."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
]
},
"solution": [
{
"lang": "en",
"value": "Airspan Networks recommends users update to following products (Login Required):\n\nMMP: Version 1.0.4 or later\nPTP:\nC5x: Version 2.90 or later\nC5c: Version 2.90 or later\nPTMP: \nC-series: Version 2.9.0 or later\nA5x: Version 2.9.0 or later"
}
],
"source": {
"advisory": "ICSA-22-034-02",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-21143",
"datePublished": "2022-02-18T17:50:19.316Z",
"dateReserved": "2022-01-21T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:45:21.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21800 (GCVE-0-2022-21800)
Vulnerability from cvelistv5 – Published: 2022-02-18 17:50 – Updated: 2025-04-16 16:45
VLAI?
Title
Airspan Networks Mimosa Use of a Broken or Risky Cryptographic Algorithm
Summary
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 uses the MD5 algorithm to hash the passwords before storing them but does not salt the hash. As a result, attackers may be able to crack the hashed passwords.
Severity ?
6.5 (Medium)
CWE
- CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Airspan Networks | MMP |
Affected:
unspecified , < v1.0.3
(custom)
|
||||||||||||
|
||||||||||||||
Credits
Noam Moshe of Claroty reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:53:36.185Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21800",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:56:32.280054Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:45:32.729Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MMP",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v1.0.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PTP C-series",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v2.8.6.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PTMP C-series and A5x",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v2.5.4.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Noam Moshe of Claroty reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-02-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 uses the MD5 algorithm to hash the passwords before storing them but does not salt the hash. As a result, attackers may be able to crack the hashed passwords."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-18T17:50:18.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
],
"solutions": [
{
"lang": "en",
"value": "Airspan Networks recommends users update to following products (Login Required):\n\nMMP: Version 1.0.4 or later\nPTP:\nC5x: Version 2.90 or later\nC5c: Version 2.90 or later\nPTMP: \nC-series: Version 2.9.0 or later\nA5x: Version 2.9.0 or later"
}
],
"source": {
"advisory": "ICSA-22-034-02",
"discovery": "UNKNOWN"
},
"title": "Airspan Networks Mimosa Use of a Broken or Risky Cryptographic Algorithm",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-02-03T17:50:00.000Z",
"ID": "CVE-2022-21800",
"STATE": "PUBLIC",
"TITLE": "Airspan Networks Mimosa Use of a Broken or Risky Cryptographic Algorithm"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MMP",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v1.0.3"
}
]
}
},
{
"product_name": "PTP C-series",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.8.6.1"
}
]
}
},
{
"product_name": "PTMP C-series and A5x",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.5.4.1"
}
]
}
}
]
},
"vendor_name": "Airspan Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Noam Moshe of Claroty reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 uses the MD5 algorithm to hash the passwords before storing them but does not salt the hash. As a result, attackers may be able to crack the hashed passwords."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
]
},
"solution": [
{
"lang": "en",
"value": "Airspan Networks recommends users update to following products (Login Required):\n\nMMP: Version 1.0.4 or later\nPTP:\nC5x: Version 2.90 or later\nC5c: Version 2.90 or later\nPTMP: \nC-series: Version 2.9.0 or later\nA5x: Version 2.9.0 or later"
}
],
"source": {
"advisory": "ICSA-22-034-02",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-21800",
"datePublished": "2022-02-18T17:50:18.612Z",
"dateReserved": "2021-12-21T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:45:32.729Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0138 (GCVE-0-2022-0138)
Vulnerability from cvelistv5 – Published: 2022-02-18 17:50 – Updated: 2025-04-16 16:45
VLAI?
Title
Airspan Networks Mimosa Deserialization of Untrusted Data
Summary
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 has a deserialization function that does not validate or check the data, allowing arbitrary classes to be created.
Severity ?
7.5 (High)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Airspan Networks | MMP |
Affected:
unspecified , < v1.0.3
(custom)
|
||||||||||||
|
||||||||||||||
Credits
Noam Moshe of Claroty reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-0138",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:59:39.926284Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:45:42.169Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MMP",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v1.0.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PTP C-series",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v2.8.6.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PTMP C-series and A5x",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v2.5.4.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Noam Moshe of Claroty reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-02-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 has a deserialization function that does not validate or check the data, allowing arbitrary classes to be created."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-18T17:50:17.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
],
"solutions": [
{
"lang": "en",
"value": "Airspan Networks recommends users update to following products (Login Required):\n\nMMP: Version 1.0.4 or later\nPTP:\nC5x: Version 2.90 or later\nC5c: Version 2.90 or later\nPTMP: \nC-series: Version 2.9.0 or later\nA5x: Version 2.9.0 or later"
}
],
"source": {
"advisory": "ICSA-22-034-02",
"discovery": "UNKNOWN"
},
"title": "Airspan Networks Mimosa Deserialization of Untrusted Data",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-02-03T17:50:00.000Z",
"ID": "CVE-2022-0138",
"STATE": "PUBLIC",
"TITLE": "Airspan Networks Mimosa Deserialization of Untrusted Data"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MMP",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v1.0.3"
}
]
}
},
{
"product_name": "PTP C-series",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.8.6.1"
}
]
}
},
{
"product_name": "PTMP C-series and A5x",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.5.4.1"
}
]
}
}
]
},
"vendor_name": "Airspan Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Noam Moshe of Claroty reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 has a deserialization function that does not validate or check the data, allowing arbitrary classes to be created."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
]
},
"solution": [
{
"lang": "en",
"value": "Airspan Networks recommends users update to following products (Login Required):\n\nMMP: Version 1.0.4 or later\nPTP:\nC5x: Version 2.90 or later\nC5c: Version 2.90 or later\nPTMP: \nC-series: Version 2.9.0 or later\nA5x: Version 2.9.0 or later"
}
],
"source": {
"advisory": "ICSA-22-034-02",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-0138",
"datePublished": "2022-02-18T17:50:17.867Z",
"dateReserved": "2022-01-06T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:45:42.169Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21196 (GCVE-0-2022-21196)
Vulnerability from cvelistv5 – Published: 2022-02-18 17:50 – Updated: 2025-04-16 16:45
VLAI?
Title
Airspan Networks Mimosa Improper Authorization
Summary
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization and authentication checks on multiple API routes. An attacker may gain access to these API routes and achieve remote code execution, create a denial-of-service condition, and obtain sensitive information.
Severity ?
10 (Critical)
CWE
- CWE-285 - Improper Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Airspan Networks | MMP |
Affected:
unspecified , < v1.0.3
(custom)
|
||||||||||||
|
||||||||||||||
Credits
Noam Moshe of Claroty reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:31:59.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21196",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:58:14.116430Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:45:52.748Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MMP",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v1.0.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PTP C-series",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v2.8.6.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PTMP C-series and A5x",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v2.5.4.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Noam Moshe of Claroty reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-02-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization and authentication checks on multiple API routes. An attacker may gain access to these API routes and achieve remote code execution, create a denial-of-service condition, and obtain sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-18T17:50:16.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
],
"solutions": [
{
"lang": "en",
"value": "Airspan Networks recommends users update to following products (Login Required):\n\nMMP: Version 1.0.4 or later\nPTP:\nC5x: Version 2.90 or later\nC5c: Version 2.90 or later\nPTMP: \nC-series: Version 2.9.0 or later\nA5x: Version 2.9.0 or later"
}
],
"source": {
"advisory": "ICSA-22-034-02",
"discovery": "UNKNOWN"
},
"title": "Airspan Networks Mimosa Improper Authorization",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-02-03T17:50:00.000Z",
"ID": "CVE-2022-21196",
"STATE": "PUBLIC",
"TITLE": "Airspan Networks Mimosa Improper Authorization"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MMP",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v1.0.3"
}
]
}
},
{
"product_name": "PTP C-series",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.8.6.1"
}
]
}
},
{
"product_name": "PTMP C-series and A5x",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.5.4.1"
}
]
}
}
]
},
"vendor_name": "Airspan Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Noam Moshe of Claroty reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization and authentication checks on multiple API routes. An attacker may gain access to these API routes and achieve remote code execution, create a denial-of-service condition, and obtain sensitive information."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285 Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
]
},
"solution": [
{
"lang": "en",
"value": "Airspan Networks recommends users update to following products (Login Required):\n\nMMP: Version 1.0.4 or later\nPTP:\nC5x: Version 2.90 or later\nC5c: Version 2.90 or later\nPTMP: \nC-series: Version 2.9.0 or later\nA5x: Version 2.9.0 or later"
}
],
"source": {
"advisory": "ICSA-22-034-02",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-21196",
"datePublished": "2022-02-18T17:50:16.878Z",
"dateReserved": "2021-12-21T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:45:52.748Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21215 (GCVE-0-2022-21215)
Vulnerability from cvelistv5 – Published: 2022-02-18 17:50 – Updated: 2025-04-16 16:46
VLAI?
Title
Airspan Networks Mimosa Server-Side Request Forgery (SSRF)
Summary
This vulnerability could allow an attacker to force the server to create and execute a web request granting access to backend APIs that are only accessible to the Mimosa MMP server, or request pages that could perform some actions themselves. The attacker could force the server into accessing routes on those cloud-hosting platforms, accessing secret keys, changing configurations, etc. Affecting MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1.
Severity ?
10 (Critical)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Airspan Networks | MMP |
Affected:
unspecified , < v1.0.3
(custom)
|
||||||||||||
|
||||||||||||||
Credits
Noam Moshe of Claroty reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:31:59.044Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21215",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:58:18.363776Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:46:02.036Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MMP",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v1.0.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PTP C-series",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v2.8.6.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "PTMP C-series and A5x",
"vendor": "Airspan Networks",
"versions": [
{
"lessThan": "v2.5.4.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Noam Moshe of Claroty reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-02-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "This vulnerability could allow an attacker to force the server to create and execute a web request granting access to backend APIs that are only accessible to the Mimosa MMP server, or request pages that could perform some actions themselves. The attacker could force the server into accessing routes on those cloud-hosting platforms, accessing secret keys, changing configurations, etc. Affecting MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-18T17:50:15.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
],
"solutions": [
{
"lang": "en",
"value": "Airspan Networks recommends users update to following products (Login Required):\n\nMMP: Version 1.0.4 or later\nPTP:\nC5x: Version 2.90 or later\nC5c: Version 2.90 or later\nPTMP: \nC-series: Version 2.9.0 or later\nA5x: Version 2.9.0 or later"
}
],
"source": {
"advisory": "ICSA-22-034-02",
"discovery": "UNKNOWN"
},
"title": "Airspan Networks Mimosa Server-Side Request Forgery (SSRF)",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-02-03T17:50:00.000Z",
"ID": "CVE-2022-21215",
"STATE": "PUBLIC",
"TITLE": "Airspan Networks Mimosa Server-Side Request Forgery (SSRF)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MMP",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v1.0.3"
}
]
}
},
{
"product_name": "PTP C-series",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.8.6.1"
}
]
}
},
{
"product_name": "PTMP C-series and A5x",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.5.4.1"
}
]
}
}
]
},
"vendor_name": "Airspan Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Noam Moshe of Claroty reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability could allow an attacker to force the server to create and execute a web request granting access to backend APIs that are only accessible to the Mimosa MMP server, or request pages that could perform some actions themselves. The attacker could force the server into accessing routes on those cloud-hosting platforms, accessing secret keys, changing configurations, etc. Affecting MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918 Server-Side Request Forgery (SSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02"
}
]
},
"solution": [
{
"lang": "en",
"value": "Airspan Networks recommends users update to following products (Login Required):\n\nMMP: Version 1.0.4 or later\nPTP:\nC5x: Version 2.90 or later\nC5c: Version 2.90 or later\nPTMP: \nC-series: Version 2.9.0 or later\nA5x: Version 2.9.0 or later"
}
],
"source": {
"advisory": "ICSA-22-034-02",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-21215",
"datePublished": "2022-02-18T17:50:15.950Z",
"dateReserved": "2021-12-21T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:46:02.036Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}