CVE-2022-21800

EPSS 0.08%
Published 18.02.2022 18:15:12
Last modified 21.11.2024 06:45:27
Source ics-cert@hq.dhs.gov
Teams watchlist Login
Open Login

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 uses the MD5 algorithm to hash the passwords before storing them but does not salt the hash. As a result, attackers may be able to crack the hashed passwords.

Affected products Warnungen 0 Metrics 4 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Airspan ≫ Mimosa Management Platform Version < 1.0.3

Airspan ≫ C6x Firmware Version < 2.8.6.1

Airspan ≫ C6x Version-

Airspan ≫ C5x Firmware Version < 2.8.6.1

Airspan ≫ C5x Version-

Airspan ≫ C5c Firmware Version < 2.8.6.1

Airspan ≫ C5c Version-

Airspan ≫ A5x Firmware Version < 2.5.4.1

Airspan ≫ A5x Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.08%	0.236

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N
ics-cert@hq.dhs.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

CWE-327 Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2022-21800

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-21800

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-21800

EUVD