
The Cyber Security News


CISA Warns of Critical Vulnerabilities Discovered in Airspan Networks Mimosa

February 4, 2022

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday published an Industrial Control Systems Advisory (ICSA) warning of multiple vulnerabilities in the Airspan Networks Mimosa products that could be abused to gain remote code execution, create a denial-of-service (DoS) condition, and obtain sensitive information.

“Successful exploitation of these vulnerabilities could allow an attacker to obtain user data (including organization details) and other sensitive data, compromise Mimosa’s AWS (Amazon Web Services) cloud EC2 instance and S3 Buckets, and execute unauthorized remote code on all cloud-connected Mimosa devices,” CISA said in the alert.


The seven flaws, which were discovered and reported to CISA by industrial cybersecurity firm Claroty, affect the following products:

  • Mimosa Management Platform (MMP) running versions prior to v1..3
  • Point-to-Point (PTP) C5c and C5x running versions prior to v2.8.6.1, and
  • Point-to-Multipoint (PTMP) A5x and C-series (C5c, C5x, and C6x) running versions prior to v2.5.4.1

Airspan Networks’ Mimosa product line provides hybrid fiber-wireless (HFW) network solutions to service providers, industrial, and government operators for both short and long-range broadband deployments.

The critical bugs are part of seven total vulnerabilities, a few of which are rated 10 out of 10 on the CVSS vulnerability-severity scale, effectively enabling an adversary to execute arbitrary code, access secret keys, and even modify configurations.

Four other remaining flaws could allow an attacker to inject arbitrary commands, crack hashed (but not salted) passwords, and gain unauthorized access to sensitive information.

To mitigate the flaws, users are advised to update to MMP version 1..4 or higher, PTP C5c and C5x version 2.90 or higher, and PTMP A5x and C-series version 2.9. or higher.


In addition, CISA is advising vulnerable organizations to minimize network exposure, isolate control system networks from the business network, and use virtual private networks (VPNs) for remote access to mitigate the risk of exploitation of these vulnerabilities.

The disclosure also comes as Cisco Talos published details on a series of critical vulnerabilities that Sealevel has addressed in the SeaConnect 370W Wi-Fi-connected edge device, which could allow an attacker to conduct a man-in-the-middle (MitM) attack and execute remote code on the targeted device.



Some parts of this article are sourced from:
thehackernews.com
