ICSA-22-132-04 · Published 2022-05-12 · View on CISA ICS-CERT ↗

Cambium Networks cnMaestro

CVSS 9.8 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to gain remote code execution, sensitive data exfiltration, and complete takeover of the main multi-tenant cloud infrastructure.

CVEs (7)

CVE-2022-1357 CVE-2022-1358 CVE-2022-1361 CVE-2022-1360 CVE-2022-1362 CVE-2022-1359 CVE-2022-1356

Remediations

Cambium Networks recommends affected users apply one of the following upgrade packages: 3.0.3-r32
Cambium Networks recommends affected users apply one of the following upgrade packages: 2.4.2-r29
Cambium Networks recommends affected users apply one of the following upgrade packages: 3.0.0-r34
The security patches are available from Cambium Networks support (login required).
For users of cnMaestro Cloud, these vulnerabilities have been patched by Cambium Networks and no further action is required.

Affected Vendors

Cambium Networks

Affected Products (3)

Cambium Networks · cnMaestro On-Premises < 2.4.2-r29

Cambium Networks · cnMaestro On-Premises < 3.0.0-r34

Cambium Networks · cnMaestro On-Premises < 3.0.3-r32

Affected Sectors

Information Technology

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more