CVE-2022-21141 Explained: Impact and Mitigation

Critical vulnerability CVE-2022-21141 in Airspan Networks products MMP, PTP C-series, PTMP C-series, and A5x allows remote code execution and unauthorized access. Learn how to mitigate risks.

Airspan Networks recently disclosed a critical vulnerability, known as Airspan Networks Mimosa Incorrect Authorization, with CVE ID CVE-2022-21141. It affects several Airspan Networks products, including MMP, PTP C-series, PTMP C-series, and A5x, because multiple API functions perform improper authorization checks. An attacker could use this to execute remote code, cause denial of service, and access sensitive information.

Understanding CVE-2022-21141

This section delves into the specifics of the Airspan Networks Mimosa Incorrect Authorization vulnerability.

What is CVE-2022-21141?

The vulnerability affects MMP versions prior to v1.0.3, PTP C-series devices before v2.8.6.1, and PTMP C-series as well as A5x devices prior to v2.5.4.1. The flaw arises from the lack of proper authorization verification in multiple API functions.

The Impact of CVE-2022-21141

The impact of this vulnerability is significant, with a CVSS v3.1 base score of 10 (Critical). The attack complexity is low, and the confidentiality, integrity, and availability impacts are all high. An attacker can exploit this flaw over the network without requiring privileges or user interaction.

Technical Details of CVE-2022-21141

This section provides more technical insights into the vulnerability.

Vulnerability Description

The vulnerability allows attackers to bypass authorization checks on various API functions, potentially leading to remote code execution, denial-of-service conditions, and unauthorized access to sensitive information.

Affected Systems and Versions

The impacted products are MMP (versions prior to v1.0.3), PTP C-series devices (versions prior to v2.8.6.1), and PTMP C-series and A5x devices (versions prior to v2.5.4.1).

Exploitation Mechanism

By exploiting the lack of proper authorization checks, threat actors can remotely execute malicious code, disrupt services, and exfiltrate sensitive data.

Mitigation and Prevention

Protecting systems from CVE-2022-21141 requires immediate actions and long-term security practices.

Immediate Steps to Take

Airspan Networks recommends that users update their affected products to the following versions:

        MMP: Version 1.0.4 or later
        PTP C5x: Version 2.90 or later
        PTP C5c: Version 2.90 or later
        PTMP C-series: Version 2.9.0 or later
        A5x: Version 2.9.0 or later
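
The following is an added example, not code from Airspan Networks or from this page: it checks a device inventory against the affected-version thresholds and recommended versions listed above. The CSV layout, host names, status labels and function names are assumptions made for illustration, and the sample inventory is constructed.

```python
import csv
import io

# product: (first version outside the affected range, recommended minimum).
# Values are copied as written on this page. C5x and C5c are treated as
# PTP C-series devices, as the page's update list implies (assumption).
THRESHOLDS = {
    "MMP": ("1.0.3", "1.0.4"),
    "PTP C5x": ("2.8.6.1", "2.90"),
    "PTP C5c": ("2.8.6.1", "2.90"),
    "PTMP C-series": ("2.5.4.1", "2.9.0"),
    "A5x": ("2.5.4.1", "2.9.0"),
}

def parse_version(text, width=6):
    """'v2.8.6' -> (2, 8, 6, 0, 0, 0); zero-padded so 2.9 equals 2.9.0."""
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) > width or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (width - len(nums))

def classify(product, version):
    """Return a status label for one device (labels are hypothetical)."""
    if product not in THRESHOLDS:
        return "unknown-product"
    try:
        current = parse_version(version)
    except ValueError:
        return "unknown-version"  # needs manual review, never assume patched
    fixed, recommended = (parse_version(v) for v in THRESHOLDS[product])
    if current < fixed:
        return "vulnerable"
    return "update-recommended" if current < recommended else "ok"

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = """host,product,version
mmp-lab-01,MMP,1.0.2
ptp-roof-07,PTP C5x,v2.8.6
ptmp-site-3,PTMP C-series,2.5.4.1
a5x-yard-2,A5x,2.9.0
ptp-tower-9,PTP C5c,unknown
"""

def audit(csv_text):
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: classify(r["product"], r["version"]) for r in rows}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```

Devices reported as `unknown-version` or `unknown-product` should be checked by hand rather than assumed patched.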

Long-Term Security Practices

Apart from applying patches, users should enhance overall network security, implement access controls, and conduct regular security assessments.

Patching and Updates

Regularly monitor vendor updates, apply patches promptly, and stay informed about security advisories to mitigate risks effectively.
