Vulnerability Description
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization checks on multiple API functions. An attacker may gain access to these functions and achieve remote code execution, create a denial-of-service condition, and obtain sensitive information.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Airspan | Mimosa Management Platform | < 1.0.3 |
| Airspan | C6X Firmware | < 2.8.6.1 |
| Airspan | C6X | - |
| Airspan | C5X Firmware | < 2.8.6.1 |
| Airspan | C5X | - |
| Airspan | C5C Firmware | < 2.8.6.1 |
| Airspan | C5C | - |
| Airspan | A5X Firmware | < 2.5.4.1 |
| Airspan | A5X | - |
Related Weaknesses (CWE)
References
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02Third Party AdvisoryUS Government Resource
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2022-21141?
CVE-2022-21141 is a vulnerability with a CVSS score of 10.0 (CRITICAL). MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization checks on multipl...
How severe is CVE-2022-21141?
CVE-2022-21141 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-21141?
Check the references section above for vendor advisories and patch information. Affected products include: Airspan Mimosa Management Platform, Airspan C6X Firmware, Airspan C6X, Airspan C5X Firmware, Airspan C5X.