The Cyber Security News


CISA Warns of Critical Vulnerabilities Discovered in Airspan Networks Mimosa

February 4, 2022

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday published an Industrial Control Systems Advisory (ICSA) warning of a number of vulnerabilities in the Airspan Networks Mimosa products that could be abused to gain remote code execution, create a denial-of-service (DoS) condition, and obtain sensitive information.

“Successful exploitation of these vulnerabilities could allow an attacker to obtain user data (including organization details) and other sensitive information, compromise Mimosa’s AWS (Amazon Web Services) cloud EC2 instance and S3 Buckets, and execute unauthorized remote code on all cloud-connected Mimosa equipment,” CISA said in the alert.

The seven flaws, which were discovered and reported to CISA by industrial cybersecurity company Claroty, affect the following products:

  • Mimosa Management Platform (MMP) running versions prior to v1..3
  • Point-to-Point (PTP) C5c and C5x running versions prior to v2.8.6.1, and
  • Point-to-Multipoint (PTMP) A5x and C-series (C5c, C5x, and C6x) running versions prior to v2.5.4.1

Airspan Network’s Mimosa product line provides hybrid fiber-wireless (HFW) network solutions to service providers, industrial, and government operators for both short and long-range broadband deployments.

The critical bugs are part of seven total vulnerabilities, a few of which are rated 10 out of 10 on the CVSS vulnerability-severity scale, effectively enabling an adversary to execute arbitrary code, access secret keys, and even modify configurations.

Four other remaining flaws could allow an attacker to inject arbitrary commands, crack hashed (but not salted) passwords, and gain unauthorized access to sensitive information.

To mitigate the flaws, users are recommended to update to MMP version 1..4 or higher, PTP C5c and C5x version 2.90 or higher, and PTMP A5x and C-series version 2.9. or higher.

In addition, CISA is advising vulnerable organizations to minimize network exposure, isolate control system networks from the business network, and use virtual private networks (VPNs) for remote access to mitigate the risk of exploitation of these vulnerabilities.

The disclosure also comes as Cisco Talos published details on a series of critical vulnerabilities that Sealevel has addressed in the SeaConnect 370W Wi-Fi-connected edge device, which could allow an attacker to conduct a man-in-the-middle (MitM) attack and execute remote code on the targeted device.

Some parts of this article are sourced from:
thehackernews.com
