The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday published an Industrial Control Systems Advisory (ICSA) warning of multiple vulnerabilities in Airspan Networks Mimosa equipment that could be abused to gain remote code execution, create a denial-of-service (DoS) condition, and obtain sensitive information.
"Successful exploitation of these vulnerabilities could allow an attacker to gain user data (including organization details) and other sensitive data, compromise Mimosa's AWS (Amazon Web Services) cloud EC2 instance and S3 Buckets, and execute unauthorized remote code on all cloud-connected Mimosa devices," CISA said in the alert.
The seven flaws, which were discovered and reported to CISA by industrial cybersecurity company Claroty, affect the following products:
- Mimosa Management Platform (MMP) running versions prior to v1.0.3
- Point-to-Point (PTP) C5c and C5x running versions prior to v184.108.40.206, and
- Point-to-Multipoint (PTMP) A5x and C-series (C5c, C5x, and C6x) running versions prior to v220.127.116.11
Airspan Networks' Mimosa product line provides hybrid fiber-wireless (HFW) network solutions to service providers and to industrial and government operators for both short and long-range broadband deployments.
Of the seven vulnerabilities, three are rated 10 out of 10 on the CVSS vulnerability-severity scale, effectively enabling an adversary to execute arbitrary code, access secret keys, and even modify configurations.
The remaining four flaws could allow an attacker to inject arbitrary commands, crack hashed (but not salted) passwords, and gain unauthorized access to sensitive information.
To mitigate the defects, users are advised to update to MMP version 1.0.4 or higher, PTP C5c and C5x version 2.90 or higher, and PTMP A5x and C-series version 2.9.0 or higher.
In addition, CISA is advising vulnerable organizations to minimize network exposure, isolate control system networks from the business network, and use virtual private networks (VPNs) for remote access to mitigate the risk of exploitation of these vulnerabilities.
The disclosure also comes as Cisco Talos published details on a series of critical vulnerabilities that Sealevel has addressed in the SeaConnect 370W Wi-Fi-connected edge device, which could allow an attacker to conduct a man-in-the-middle (MitM) attack and execute remote code on the targeted device.
Update: In a statement shared with The Hacker News, Jaime Fink, Airspan VP of technology, said:
The issue was identified in August 2021 by a security vulnerability research team, and reported to Airspan via our Security Incident Response Team (SIRT) procedures. We immediately addressed and rapidly resolved these issues via firmware and software updates to our users’ devices, servers, and Airspan’s cloud platforms — through the proper channel via the CISA announcement and Airspan rectification response.
The identified device issues would require multiple security layers which greatly reduced any potential vulnerability (knowledge of device password or breach, as well as private network access) as well as vulnerability know-how. All systems were fixed months ago and users provided with the vulnerability information in the subsequent releases.
Our customers should be confident that we take data security seriously and promptly addressed the issue last year. We will continue to deliver the same secure, quality portfolio of solutions to our customers as we have for the past 20 years.