CISA: Airspan Networks Mimosa exploitable vulnerabilities

By / / Network Security, Security Updates & Patches, Vulnerabilities & Exploits / Airspan, CISA, CVE-2022-21141, CVE-2022-21196, CVE-2022-21215, Mimosa

A security researcher has discovered multiple Critical vulnerabilities in Airspan Networks Mimosa products that could result in remote code execution, denial-of-service condition, or leak sensitive information.

Noam Moshe of Claroty reported the Airspan vulnerabilities to the Cybersecurity and Infrastructure Security Agency (CISA) and subsequently released in a security advisory.

“Successful exploitation of these vulnerabilities could allow an attacker to gain user data (including organization details) and other sensitive data, compromise Mimosa’s AWS (Amazon Web Services) cloud EC2 instance and S3 Buckets, and execute unauthorized remote code on all cloud-connected Mimosa devices,” CISA stated in the advisory.

Multiple versions of Mimosa by Airspan products are affected to include:

  • MMP: All versions prior to v1.0.3
  • PTP C-series: Device versions prior to v2.8.6.1
  • PTMP C-series and A5x: Device versions prior to v2.5.4.1.

Critical severity CVEs

Three Critical severity vulnerabilities have a CVSS base score of 10.0 (the highest possible):

  • CVE-2022-21196: Improper Authorization CWE-285
  • CVE-2022-21141: Incorrect Authorization CWE-863
  • CVE-2022-21215: Server-side Request Forgery (SSRF) CWE-918

Regarding the first two vulnerabilities, CISA noted “an attacker may gain access to these functions and achieve remote code execution, create a denial-of-service condition, and obtain sensitive information.”

For the third Critical issue, the SSRF vulnerability CVE-2022-21215 could allow a threat actor to “force the server into accessing routes on those cloud-hosting platforms, accessing secret keys, changing configurations, etc.”

To add, a fourth Critical risk OS Command Injection vulnerability CVE-2022-21143 (CVSS 9.8) may allow an attacker to inject arbitrary commands.

SQL Injection and other CVEs

One High risk vulnerability CVE-2022-21176 (CVSS 8.6) could allow an attacker to launch a SQL injection attack and steal sensitive information.

Finally, a deserialization of untrusted data vulnerability CVE-2022-0138 (CVSS 7.5) and weak cryptographic algorithm vulnerability CVE-2022-21800 (CVSS 6.5) were also addressed.

Mitigations

Airspan recommends users upgrade to the following versions:

  • MMP: Version 1.0.4 or later
  • PTP:
    • C5x Version 2.90 or later
    • C5c Version 2.90 or later
  • PTMP:
    • C-series Version 2.9.0 or later
    • A5x: Version 2.9.0 or later.

CISA also recommends organizations follow additional safeguards to minimize exploitation of these vulnerabilities:

  • Minimize exposure of control systems/devices to network and internet.
  • Isolate control system networks from business networks and behind firewalls.
  • Use Virtual Private Networks (VPNs) for remote access.
  • Keep all VPNs and connected devices patched and updated.