Cloud Defense Logo

Products

Solutions

Company

Book A Live Demo

CVE-2022-21143 : Security Advisory and Response

Discover the impact of CVE-2022-21143, a high-severity vulnerability in Airspan Networks' MMP, PTP C-series, and PTMP C-series, enabling remote command injection by threat actors. Learn the mitigation steps.

Airspan Networks Mimosa OS Command Injection vulnerability was reported on February 3, 2022, affecting multiple products by Airspan Networks.

Understanding CVE-2022-21143

This CVE focuses on a command injection vulnerability in Airspan Networks' products that can allow an attacker to execute arbitrary commands.

What is CVE-2022-21143?

The vulnerability exists in MMP versions prior to v1.0.3, PTP C-series devices before v2.8.6.1, and PTMP C-series and A5x devices earlier than v2.5.4.1. It occurs due to improper user input sanitization.

The Impact of CVE-2022-21143

With a CVSS base score of 7.5 (High), the vulnerability poses a significant threat, enabling attackers to inject arbitrary commands into the affected devices.

Technical Details of CVE-2022-21143

Vulnerability Description

The vulnerability stems from the failure to properly sanitize user input, allowing threat actors to execute malicious commands on affected devices.

Affected Systems and Versions

        MMP: All versions before v1.0.3
        PTP C-series: Versions earlier than v2.8.6.1
        PTMP C-series and A5x: Versions below v2.5.4.1

Exploitation Mechanism

The lack of input sanitization in multiple locations creates an avenue for attackers to inject and execute commands remotely.

Mitigation and Prevention

Immediate Steps to Take

Airspan Networks recommends updating to the following versions:

        MMP: Version 1.0.4 or later
        PTP C5x: Version 2.90 or later
        PTP C5c: Version 2.90 or later
        PTMP C-series: Version 2.9.0 or later
        A5x: Version 2.9.0 or later

Long-Term Security Practices

To enhance security posture, organizations should enforce strict input validation practices and conduct regular security audits.

Patching and Updates

Regularly applying security patches, implementing network segmentation, and monitoring for unusual activities can mitigate the risk associated with such vulnerabilities.

Popular CVEs

CVE Id

Published Date

Is your System Free of Underlying Vulnerabilities?
Find Out Now