CVE-2022-21196

EPSS 0.56%
Published 18.02.2022 18:15:12
Last modified 21.11.2024 06:44:04
Source ics-cert@hq.dhs.gov
Teams watchlist Login
Open Login

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization and authentication checks on multiple API routes. An attacker may gain access to these API routes and achieve remote code execution, create a denial-of-service condition, and obtain sensitive information.

Affected products Warnungen 0 Metrics 4 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Airspan ≫ Mimosa Management Platform Version < 1.0.3

Airspan ≫ C6x Firmware Version < 2.8.6.1

Airspan ≫ C6x Version-

Airspan ≫ C5x Firmware Version < 2.8.6.1

Airspan ≫ C5x Version-

Airspan ≫ C5c Firmware Version < 2.8.6.1

Airspan ≫ C5c Version-

Airspan ≫ A5x Firmware Version < 2.5.4.1

Airspan ≫ A5x Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.56%	0.657

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C
ics-cert@hq.dhs.gov	10	3.9	6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2022-21196

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-21196

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-21196

EUVD