Vulnerability Description
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 has a deserialization function that does not validate or check the data, allowing arbitrary classes to be created.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Airspan | Mimosa Management Platform | < 1.0.3 |
| Airspan | C6X Firmware | < 2.8.6.1 |
| Airspan | C6X | - |
| Airspan | C5X Firmware | < 2.8.6.1 |
| Airspan | C5X | - |
| Airspan | C5C Firmware | < 2.8.6.1 |
| Airspan | C5C | - |
| Airspan | A5X Firmware | < 2.5.4.1 |
| Airspan | A5X | - |
Related Weaknesses (CWE)
References
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02Third Party AdvisoryUS Government Resource
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2022-0138?
CVE-2022-0138 is a vulnerability with a CVSS score of 7.5 (HIGH). MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 has a deserialization function that does not validate o...
How severe is CVE-2022-0138?
CVE-2022-0138 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-0138?
Check the references section above for vendor advisories and patch information. Affected products include: Airspan Mimosa Management Platform, Airspan C6X Firmware, Airspan C6X, Airspan C5X Firmware, Airspan C5X.