ICSA-22-034-02 · Published 2022-02-03 · View on CISA ICS-CERT ↗

Airspan Networks Mimosa

CVSS 10.0 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to gain user data (including organization details) and other sensitive data, compromise Mimosa 's AWS (Amazon Web Services) cloud EC2 instance and S3 Buckets, and execute unauthorized remote code on all cloud-connected Mimosa devices.

CVEs (7)

CVE-2022-21196 CVE-2022-21141 CVE-2022-21215 CVE-2022-21176 CVE-2022-0138 CVE-2022-21143 CVE-2022-21800

Remediations

Update MMP: Version 1.0.4 or later
Update C5x: Version 2.90 or later
Update C5c: Version 2.90 or later
Update C-series: Version 2.9.0 or later
Update A5x: Version 2.9.0 or later

Affected Vendors

Airspan Networks

Affected Products (3)

Airspan Networks · MMP < 1.0.3

Airspan Networks · PTMP C-series and A5x < 2.5.4.1

Airspan Networks · PTP C-series < 2.8.6.1

Affected Sectors

Communications

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more