Critical vulnerability CVE-2022-21141 in Airspan Networks products MMP, PTP C-series, PTMP C-series, and A5x allows remote code execution and unauthorized access. Learn how to mitigate risks.
Airspan Networks recently disclosed a critical vulnerability, known as Airspan Networks Mimosa Incorrect Authorization, with CVE ID CVE-2022-21141. It affects several Airspan Networks products, including MMP, PTP C-series, PTMP C-series, and A5x, because multiple API functions do not perform proper authorization checks. This could allow an attacker to execute remote code, cause denial of service, and access sensitive information.
Understanding CVE-2022-21141
This section delves into the specifics of the Airspan Networks Mimosa Incorrect Authorization vulnerability.
What is CVE-2022-21141?
The vulnerability affects MMP versions prior to v1.0.3, PTP C-series devices before v2.8.6.1, and PTMP C-series as well as A5x devices prior to v2.5.4.1. The flaw arises from the lack of proper authorization verification in multiple API functions.
The Impact of CVE-2022-21141
The impact of this vulnerability is significant, with a CVSS v3.1 base score of 10 (Critical). The attack complexity is low, and the confidentiality, integrity, and availability impacts are all high. An attacker can exploit this flaw over the network without requiring privileges or user interaction.
Technical Details of CVE-2022-21141
This section provides more technical insights into the vulnerability.
Vulnerability Description
The vulnerability allows attackers to bypass authorization checks on various API functions, potentially leading to remote code execution, denial-of-service conditions, and unauthorized access to sensitive information.
Affected Systems and Versions
The impacted products are MMP versions below v1.0.3, PTP C-series devices below v2.8.6.1, and PTMP C-series and A5x devices below v2.5.4.1.
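To check a device inventory against these thresholds, the following added example (not code from Airspan Networks or the advisory) compares dotted versions numerically, so that a version such as 2.10.0 is not misread as older than 2.5.4.1 the way a string comparison would. The inventory row format, hostnames, and product labels are assumptions made for illustration.

```python
import re

# Versions below these thresholds are affected, per the page.
AFFECTED_BELOW = {
    "MMP": (1, 0, 3),
    "PTP C-series": (2, 8, 6, 1),
    "PTMP C-series": (2, 5, 4, 1),
    "A5x": (2, 5, 4, 1),
}

def parse_version(text):
    """Turn 'v2.8.6.1' or '2.8.6' into a tuple of ints; reject anything else."""
    m = re.fullmatch(r"[vV]?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def is_affected(product, version):
    threshold = AFFECTED_BELOW[product]  # KeyError for unlisted products
    parsed = parse_version(version)
    # Zero-pad so 2.8.6 is compared as 2.8.6.0 against 2.8.6.1.
    width = max(len(parsed), len(threshold))
    parsed += (0,) * (width - len(parsed))
    threshold += (0,) * (width - len(threshold))
    return parsed < threshold

def triage(inventory):
    """Split (host, product, version) rows into affected and unknown hosts."""
    affected, unknown = [], []
    for host, product, version in inventory:
        try:
            if is_affected(product, version):
                affected.append(host)
        except (KeyError, ValueError):
            unknown.append(host)  # unrecognized row: flag for manual review
    return affected, unknown

# Constructed sample inventory (hostnames and rows are made up).
SAMPLE = [
    ("link-01", "PTP C-series", "v2.8.6"),
    ("link-02", "PTP C-series", "2.8.6.1"),
    ("ap-02", "PTMP C-series", "2.10.0"),
    ("mgmt-01", "MMP", "1.0.2"),
    ("mgmt-02", "MMP", "1.0.3-beta"),
    ("sw-01", "Other", "1.0"),
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Rows with an unlisted product or an unparseable version string are returned separately rather than treated as unaffected, so they can be reviewed by hand.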
Exploitation Mechanism
By exploiting the lack of proper authorization checks, threat actors can remotely execute malicious code, disrupt services, and exfiltrate sensitive data.
Mitigation and Prevention
Protecting systems from CVE-2022-21141 requires immediate actions and long-term security practices.
Immediate Steps to Take
Airspan Networks recommends that users update their affected products to the following versions:
Long-Term Security Practices
Apart from applying patches, users should enhance overall network security, implement access controls, and conduct regular security assessments.
Patching and Updates
Regularly monitor vendor updates, apply patches promptly, and stay informed about security advisories to mitigate risks effectively.