Airspan Networks Mimosa

Plan PatchCVSS 10ICS-CERT ICSA-22-034-02Feb 3, 2022

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Airspan Networks Mimosa devices and management platform contain multiple critical vulnerabilities (CWE-285 authorization bypass, CWE-863 improper access control, CWE-918 unsanitized HTTP request, CWE-89 SQL injection, CWE-502 deserialization of untrusted data, CWE-78 OS command injection, CWE-327 weak cryptography) that allow unauthenticated remote attackers to execute arbitrary code on devices and compromise connected AWS infrastructure. Successful exploitation could result in unauthorized access to customer data, organization details, and compromise of EC2 instances and S3 buckets containing sensitive information.

What this means

What could happen

An attacker could remotely execute code on Mimosa wireless access point devices and the associated AWS cloud infrastructure, gaining access to customer data, organization details, and potentially disrupting network connectivity across your wireless backhaul or access network.

Who's at risk

This affects organizations using Airspan Networks Mimosa wireless point-to-multipoint (PTMP) and point-to-point (PTP) access points, and Mimosa Management Platform (MMP) for network backhaul or last-mile access delivery. This includes wireless ISPs, municipal networks, and utility broadband deployments that rely on these devices for data transport.

How it could be exploited

An attacker could send specially crafted requests over the network to the Mimosa device's management interface, exploiting authentication bypass and injection vulnerabilities to execute arbitrary code on the device and connect to the AWS cloud backend, compromising EC2 instances and S3 storage buckets.

Prerequisites

Network access to the Mimosa device management interface (typically port 80/443)
Device must be cloud-connected to AWS
No authentication required for initial exploit

remotely exploitableno authentication requiredlow complexityhigh severity (CVSS 10)affects cloud infrastructuremultiple critical vulnerability types (auth bypass, code injection, RCE)

Exploitability

Unlikely to be exploited — EPSS score 0.7%

Affected products (3)

2 with fix1 pending

ProductAffected VersionsFix Status

PTP C-series: Device< 2.8.6.1No fix yet

MMP: All< 1.0.31.0.4+

PTMP C-series and A5x: Device< 2.5.4.12.9.0+

Remediation & Mitigation

0/8

Do now

0/1

WORKAROUNDRestrict network access to Mimosa device management interfaces using firewall rules; do not expose to the Internet

Schedule — requires maintenance window

0/5

Patching may require device reboot — plan for process interruption

HOTFIXUpdate MMP to version 1.0.4 or later

HOTFIXUpdate PTP C5x to version 2.90 or later

HOTFIXUpdate PTP C5c to version 2.90 or later

HOTFIXUpdate PTMP C-series to version 2.9.0 or later

HOTFIXUpdate PTMP A5x to version 2.9.0 or later

Long-term hardening

0/2

HARDENINGIsolate Mimosa devices and management networks from general business network using network segmentation

HARDENINGFor required remote access to devices, enforce VPN with current security patches and strong authentication

CVEs (7)

CVE-2022-21196 CVE-2022-21141 CVE-2022-21215 CVE-2022-21176 CVE-2022-0138 CVE-2022-21143 CVE-2022-21800

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/f7e61fa8-4d78-447a-8409-a8393d999f5f

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.