Learn about CVE-2022-0138 affecting Airspan Networks MMP, PTP C-series, and PTMP C-series products, enabling arbitrary class creation. Find mitigation steps and updates.
Airspan Networks Mimosa Deserialization of Untrusted Data
Understanding CVE-2022-0138
This CVE refers to a deserialization flaw in Airspan Networks products that allows the creation of arbitrary classes.
What is CVE-2022-0138?
The vulnerability affects MMP versions prior to v1.0.3, PTP C-series versions prior to v2.8.6.1, and PTMP C-series and A5x versions prior to v2.5.4.1, enabling the creation of arbitrary classes.
The Impact of CVE-2022-0138
With a CVSS v3.1 base score of 7.5 (High), the vulnerability has an integrity impact: an attacker could exploit the deserialization flaw to execute arbitrary code.
Technical Details of CVE-2022-0138
The vulnerability arises due to a deserialization function that lacks data validation, allowing unauthorized class creation.
Vulnerability Description
MMP, PTP C-series, and PTMP C-series and A5x devices are affected by the deserialization flaw, which permits the creation of arbitrary classes.
Affected Systems and Versions
Exploitation Mechanism
The vulnerability allows threat actors to abuse the deserialization process, creating potentially malicious classes and executing arbitrary code.
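The missing validation described above can be illustrated with an added example (not Airspan's code; the page does not say which language or serialization format the affected products use, so Python's pickle stands in here). It shows a deserializer that builds whatever class the stream names, next to one that resolves only an allowlist; the allowlist, the helper names and the sample messages are assumptions made for the illustration.

```python
import io
import pickle
from collections import OrderedDict
from fractions import Fraction

# Assumption: the only type this hypothetical service expects in a message.
ALLOWED = {("collections", "OrderedDict")}


class AllowlistUnpickler(pickle.Unpickler):
    """Unpickler that refuses to resolve any class not on the allowlist."""

    def find_class(self, module, name):
        if (module, name) not in ALLOWED:
            raise pickle.UnpicklingError(f"blocked class {module}.{name}")
        return super().find_class(module, name)


def safe_loads(data: bytes):
    """Deserialize data, creating only allowlisted classes."""
    return AllowlistUnpickler(io.BytesIO(data)).load()


def classify(data: bytes) -> str:
    """Return 'accepted' or 'rejected: <reason>' for a serialized message."""
    try:
        safe_loads(data)
        return "accepted"
    except pickle.UnpicklingError as exc:
        return f"rejected: {exc}"


# Constructed sample inputs: one expected type, one type the service never asked for.
EXPECTED_MSG = pickle.dumps(OrderedDict(freq_mhz=5180, width_mhz=40))
UNEXPECTED_MSG = pickle.dumps(Fraction(1, 3))

if __name__ == "__main__":
    # Unvalidated path: the byte stream, not the application, picks the class.
    print(type(pickle.loads(UNEXPECTED_MSG)))
    # Validated path: class resolution is checked before any object is built.
    print(classify(EXPECTED_MSG))
    print(classify(UNEXPECTED_MSG))
```

The check runs at class-resolution time, so a rejected message never gets as far as constructing an object.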
Mitigation and Prevention
To address CVE-2022-0138, Airspan Networks recommends updating affected products to the following versions:
Immediate Steps to Take
Affected users should apply the provided patches and updates promptly to mitigate the risk of exploitation.
Long-Term Security Practices
Regularly monitor for security updates and apply patches promptly to reduce exposure to similar vulnerabilities.
Patching and Updates
Stay informed about security advisories from Airspan Networks and promptly apply recommended patches to ensure the security of the affected products.