CVE-2022-21196
CRITICAL
Airspan Mimosa Management Platform <1.0.3 & C6x/C5x/C5c <2.8.6.1 & A5x <2.5.4.1 - Auth Bypass
Title source: llm
Description
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 do not perform proper authorization and authentication checks on multiple API routes. An attacker may gain access to these API routes and achieve remote code execution, create a denial-of-service condition, and obtain sensitive information.
References (1)
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02
Scores
CVSS v3
10.0
EPSS
0.0353
EPSS Percentile
87.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-285
CWE-287
Status
published
Products (5)
airspan/a5x_firmware
< 2.5.4.1
airspan/c5c_firmware
< 2.8.6.1
airspan/c5x_firmware
< 2.8.6.1
airspan/c6x_firmware
< 2.8.6.1
airspan/mimosa_management_platform
< 1.0.3
Published
Feb 18, 2022
Tracked Since
Feb 18, 2026