Critical Vulnerabilities in Mimosa by Airspan devices

Overview

Seven vulnerabilities have been identified in the affected products. Three of the seven carry the maximum CVSS score of 10.0, and all seven belong to classes that a basic OWASP-aligned assessment or penetration test should have found. The least severe is the use of unsalted MD5 hashes to protect stored passwords; the others include SQL injection, lack of input validation, and missing or improperly performed authorisation checks on API calls.
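To make the three weakness classes concrete, the following is an added example written for this page; it is not Mimosa or Airspan code and does not reproduce any of the actual flaws. It models a toy device API over an in-memory SQLite database: a vulnerable handler that builds SQL from caller input and never checks ownership, the hardened handler beside it, and unsalted MD5 password storage beside a salted, iterated KDF. Table names, column names, function names and all sample rows are constructed assumptions.

```python
"""Added example, not Mimosa/Airspan code: a toy device API backed by an
in-memory SQLite database that shows, side by side, the three weakness
classes the advisory names (unsalted MD5 password storage, SQL injection,
missing authorisation checks on API calls) and their hardened forms.
Table, column and function names, and all sample rows, are constructed."""
import hashlib
import hmac
import os
import sqlite3

# Iteration count in the range OWASP recommends for PBKDF2-HMAC-SHA256.
PBKDF2_ITERATIONS = 600_000


def seed_db():
    """Constructed sample data: two users who happen to share a password."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pw_md5 TEXT)")
    db.execute("CREATE TABLE devices (id INTEGER PRIMARY KEY, owner_id INTEGER, "
               "serial TEXT, api_key TEXT)")
    for uid, name in ((1, "alice"), (2, "bob")):
        # Weakness 1: unsalted MD5 -- identical passwords give identical digests.
        db.execute("INSERT INTO users VALUES (?, ?, ?)",
                   (uid, name, hashlib.md5(b"winter2023").hexdigest()))
    db.execute("INSERT INTO devices VALUES (10, 1, 'SN-ALICE-1', 'key-a')")
    db.execute("INSERT INTO devices VALUES (20, 2, 'SN-BOB-1', 'key-b')")
    return db


def get_device_vulnerable(db, caller_id, device_id):
    """Vulnerable handler: no authorisation check (caller_id is never used) and
    the caller-supplied device_id is interpolated straight into the SQL text
    (weaknesses 2 and 3). device_id="10 OR 1=1" returns every row."""
    sql = f"SELECT serial, api_key FROM devices WHERE id = {device_id}"
    return db.execute(sql).fetchall()


def get_device_hardened(db, caller_id, device_id):
    """Hardened handler: validate the input type, bind the parameters, and
    scope the query to rows the caller actually owns."""
    try:
        device_id = int(device_id)
    except (TypeError, ValueError):
        return None  # reject anything that is not a plain integer id
    return db.execute(
        "SELECT serial, api_key FROM devices WHERE id = ? AND owner_id = ?",
        (device_id, caller_id),
    ).fetchone()


def md5_lookup(db, wordlist):
    """Why unsalted MD5 is weak: one precomputed table reverses every
    user's hash at once, and equal digests reveal shared passwords."""
    table = {hashlib.md5(w.encode()).hexdigest(): w for w in wordlist}
    return {name: table.get(h) for name, h in db.execute("SELECT name, pw_md5 FROM users")}


def hash_password(password, salt=None):
    """Hardened storage: random per-user salt plus an iterated KDF, so a
    precomputed table is useless and equal passwords no longer collide."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password, salt, digest):
    """Constant-time comparison of the recomputed digest."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    db = seed_db()
    # Bob reads Alice's device, and every other device, via the vulnerable handler.
    print(get_device_vulnerable(db, caller_id=2, device_id="10 OR 1=1"))
    # The hardened handler rejects the injected string and the cross-tenant read.
    print(get_device_hardened(db, caller_id=2, device_id="10 OR 1=1"))
    print(get_device_hardened(db, caller_id=2, device_id=10))
    print(get_device_hardened(db, caller_id=1, device_id=10))
    # One small wordlist recovers both users' passwords from the unsalted hashes.
    print(md5_lookup(db, ["password", "winter2023", "letmein"]))
```

The hardened handler fixes all three classes at once: `int()` is the input validation, the `?` placeholders defeat injection, and `owner_id = ?` is the authorisation check that the vulnerable handler omits. Note that the injection only needs the numeric id to be interpolated as text; no quotes are required, which is why "validate the type" matters as much as "escape the string".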

Impact

– Denial of Service (DoS)
– Data loss, including user data, organisation details and other sensitive data
– Compromise of Mimosa's Amazon-based cloud services (EC2 instances and S3 buckets)
– Remote Code Execution (RCE) on all cloud-connected Mimosa devices

Affected Products

– Mimosa Management Platform (MMP): versions prior to v1.0.3
– Point-to-Point (PTP) C5c and C5x devices: versions prior to v2.8.6.1
– Point-to-Multipoint (PTMP) C5c, C5x, C6x and A5x devices: versions prior to v2.5.4.1

Vulnerability Detection

The Mimosa Management Platform and the cloud-based monitoring service both report the firmware version of each managed device. Use them to build an inventory and compare each device's version against the fixed versions listed above, keyed by product and operating mode: the same C5c/C5x hardware has a different fixed version depending on whether it runs PTP or PTMP firmware, so model alone is not enough to triage a device.
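The following triage script is an added example written for this page, not Mimosa or Airspan tooling. It takes a firmware inventory in a constructed CSV layout (the column names and device rows are assumptions) and checks each row against the fixed versions from the Affected Products list, keyed by operating mode as well as model so that a C5x running PTP firmware and a C5x running PTMP firmware are judged against the right threshold.

```python
"""Added example, not Mimosa/Airspan tooling: triage a firmware inventory
exported from the management platform against the fixed versions listed
in this advisory. The CSV layout, column names and device rows are
constructed for illustration; the version thresholds are the advisory's."""
import csv
import io

# Fixed versions from the Affected Products list. The same C5c/C5x hardware
# has a different threshold depending on whether it runs PTP or PTMP firmware,
# so the lookup is keyed by operating mode as well as model.
FIXED_VERSIONS = {
    ("MMP", None): (1, 0, 3),
    ("PTP", "C5C"): (2, 8, 6, 1),
    ("PTP", "C5X"): (2, 8, 6, 1),
    ("PTMP", "C5C"): (2, 5, 4, 1),
    ("PTMP", "C5X"): (2, 5, 4, 1),
    ("PTMP", "C6X"): (2, 5, 4, 1),
    ("PTMP", "A5X"): (2, 5, 4, 1),
}

# Constructed inventory in the shape a management-platform export might take.
# "OTHER" is a placeholder model that the advisory does not cover.
SAMPLE_INVENTORY = """\
name,role,model,firmware
mmp-core,MMP,,v1.0.2
link-a,PTP,C5x,2.8.6.1
link-b,PTP,C5c,2.8.5
sector-1,PTMP,A5x,2.5.3
sector-2,PTMP,C6x,v2.5.4.1
sector-3,PTMP,OTHER,1.0
"""


def parse_version(text):
    """'v2.8.6.1' -> (2, 8, 6, 1). Tuples compare element-wise, so
    (2, 8, 6) < (2, 8, 6, 1) holds, as it should for 2.8.6 < 2.8.6.1."""
    return tuple(int(part) for part in text.strip().lstrip("vV").split("."))


def is_vulnerable(role, model, firmware):
    """True if below the fixed version, False if at or above it,
    None if the advisory does not cover this role/model combination."""
    key = (role.strip().upper(), model.strip().upper() or None)
    fixed = FIXED_VERSIONS.get(key)
    if fixed is None:
        return None
    return parse_version(firmware) < fixed


def triage(inventory_csv):
    """Return [(name, status), ...] for every row of the export."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return [(row["name"], is_vulnerable(row["role"], row["model"], row["firmware"]))
            for row in reader]


if __name__ == "__main__":
    labels = {True: "VULNERABLE", False: "patched", None: "not covered by advisory"}
    for name, status in triage(SAMPLE_INVENTORY):
        print(f"{name:10} {labels[status]}")
```

Rows that the advisory does not cover are reported as `None` rather than silently treated as safe, so an unexpected model in the export is surfaced for manual review instead of disappearing from the list.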

Containment, Mitigations & Remediations

The only remediation available at this time is to apply the released patches, then investigate whether a compromise has already taken place and whether any persistence mechanisms have been deployed. Because the flaws lie in the management platform and its API, restricting network access to those interfaces to trusted management networks reduces exposure while patching is scheduled, but it is not a substitute for the patches.

Indicators of Compromise

There are no IoCs at this time.

Threat Landscape

Mimosa and Airspan are not well known outside their field, but have enjoyed considerable success since their inception, in part because of sanctions against Chinese suppliers of similar products such as Huawei. Their products are found in organisations that need PTP or PTMP links to interconnect sites and Industrial Control Systems, as well as in some telecommunications providers.
DoS or data loss through compromise of the associated management systems may therefore have a profound effect on both corporate and national critical infrastructure.

Mitre Methodologies

T0883 – Internet Accessible Device
T1110.002 – Brute Force: Password Cracking
T0859 – Valid Accounts
T1498 – Network Denial of Service
T0882 – Theft of Operational Information
T0881 – Data from Information Repositories
T0874 – Hooking

Further Information

ZDNet
CISA
The Hacker News