CISA issues advisory warning of critical vulnerabilities in Airspan Networks Mimosa

CISA has warned of critical vulnerabilities in Airspan Networks Mimosa, some of which have earned CVSS severity scores of 10, the highest possible.

When security vulnerabilities are severe and the products they impact are popular or critical to the operations of key industries, the US Cybersecurity and Infrastructure Security Agency (CISA) will often issue advisories to make sure they reach the attention of IT administrators and security staff. 

On Thursday, CISA issued such an advisory for Airspan Networks Mimosa. Mimosa devices are offered to industrial and enterprise players for point-to-multipoint (PTMP) network deployment.

The advisory covers seven vulnerabilities, with CVSS v3 base scores ranging from 6.5 to 10.0.

The Airspan Networks products impacted by the vulnerabilities are the Mimosa Management Platform (MMP) prior to v1.0.3; PTP C-series devices running firmware prior to v2.8.6.1; and both PTMP C-series and A5x devices running firmware prior to v2.5.4.1.

Noam Moshe, of Claroty, reported the security issues, which are said to be exploitable remotely and with low attack complexity. 

“Successful exploitation of these vulnerabilities could allow an attacker to gain user data (including organization details) and other sensitive data, compromise Mimosa’s AWS cloud EC2 instance and S3 buckets, and
