CVE-2022-21196
Summary
| CVE | CVE-2022-21196 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-02-18 18:15:00 UTC |
| Updated | 2023-07-24 13:50:00 UTC |
| Description | MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization and authentication checks on multiple API routes. An attacker may gain access to these API routes and achieve remote code execution, create a denial-of-service condition, and obtain sensitive information. |
Risk And Classification
Problem Types: CWE-287 | NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Airspan | A5x | - | All | All | All |
| Operating System | Airspan | A5x Firmware | All | All | All | All |
| Hardware | Airspan | C5c | - | All | All | All |
| Operating System | Airspan | C5c Firmware | All | All | All | All |
| Hardware | Airspan | C5x | - | All | All | All |
| Operating System | Airspan | C5x Firmware | All | All | All | All |
| Hardware | Airspan | C6x | - | All | All | All |
| Operating System | Airspan | C6x Firmware | All | All | All | All |
| Application | Airspan | Mimosa Management Platform | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Airspan Networks Mimosa | CISA | MISC | www.cisa.gov | Third Party Advisory, US Government Resource |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Noam Moshe of Claroty reported these vulnerabilities to CISA.
There are currently no legacy QID mappings associated with this CVE.