Vulnerability Description
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 uses the MD5 algorithm to hash the passwords before storing them but does not salt the hash. As a result, attackers may be able to crack the hashed passwords.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Airspan | Mimosa Management Platform | < 1.0.3 |
| Airspan | C6X Firmware | < 2.8.6.1 |
| Airspan | C6X | - |
| Airspan | C5X Firmware | < 2.8.6.1 |
| Airspan | C5X | - |
| Airspan | C5C Firmware | < 2.8.6.1 |
| Airspan | C5C | - |
| Airspan | A5X Firmware | < 2.5.4.1 |
| Airspan | A5X | - |
Related Weaknesses (CWE)
References
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02Third Party AdvisoryUS Government Resource
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2022-21800?
CVE-2022-21800 is a vulnerability with a CVSS score of 6.5 (MEDIUM). MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 uses the MD5 algorithm to hash the passwords before sto...
How severe is CVE-2022-21800?
CVE-2022-21800 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-21800?
Check the references section above for vendor advisories and patch information. Affected products include: Airspan Mimosa Management Platform, Airspan C6X Firmware, Airspan C6X, Airspan C5X Firmware, Airspan C5X.