CISA Warns of Critical Vulnerabilities Discovered in Airspan Networks Mimosa
Feb 04, 2022
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday published an Industrial Controls Systems Advisory (ICSA) warning of multiple vulnerabilities in the Airspan Networks Mimosa equipment that could be abused to gain remote code execution, create a denial-of-service (DoS) condition, and obtain sensitive information. "Successful exploitation of these vulnerabilities could allow an attacker to gain user data (including organization details) and other sensitive data, compromise Mimosa's AWS (Amazon Web Services) cloud EC2 instance and S3 Buckets, and execute unauthorized remote code on all cloud-connected Mimosa devices," CISA said in the alert. The seven flaws, which were discovered and reported to CISA by industrial cybersecurity company Claroty, affect the following products — Mimosa Management Platform ( MMP ) running versions prior to v1.0.3 Point-to-Point ( PTP ) C5c and C5x running versions prior to v2.8.6.1, and Point-to-Multipoint (
