Critical Vulnerabilities in Mimosa by Airspan devices
Seven vulnerabilities have been identified in the affected products. Of the seven, three scored 10/10 on the CVSS scale, and all should have been picked up as part of a basic OWASP-aligned assessment or penetration test. The least severe of the vulnerabilities is the use of unsalted MD5 hashing to protect passwords. The others include SQL injection, lack of input validation, and improper or missing authorisation checks on API calls.
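As an added illustration (not code from the advisory or from Mimosa/Airspan), the weak password-storage scheme named above beside a hardened one: unsalted MD5 yields the same digest for every user with the same password, so one precomputed table covers all of them, whereas a per-user random salt plus a slow KDF (scrypt is assumed here as the replacement; all function names are my own) does not.

```python
import hashlib
import hmac
import os
from typing import List, Optional

# --- Weak scheme flagged in the advisory: unsalted MD5 ---------------------
def weak_md5_hash(password: str) -> str:
    """Unsalted MD5: identical passwords give identical digests across all
    users and deployments, and MD5 is fast enough to precompute at scale."""
    return hashlib.md5(password.encode()).hexdigest()

def weak_table_lookup(stored: str, wordlist: List[str]) -> Optional[str]:
    """Shows the exposure: a digest->password table built once from a wordlist
    (a tiny constructed one here) recovers any unsalted MD5 digest it covers."""
    table = {weak_md5_hash(w): w for w in wordlist}
    return table.get(stored)

# --- Hardened scheme: per-user random salt + memory-hard KDF ---------------
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1  # work factor; raise as hardware allows

def strong_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Returns 'scrypt$<hex salt>$<hex key>'. A fresh 16-byte salt per user
    makes shared lookup tables useless; scrypt makes each guess expensive."""
    salt = salt or os.urandom(16)
    key = hashlib.scrypt(password.encode(), salt=salt,
                         n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return f"scrypt${salt.hex()}${key.hex()}"

def strong_verify(password: str, stored: str) -> bool:
    """Recomputes with the stored salt and compares in constant time."""
    algo, salt_hex, key_hex = stored.split("$")
    if algo != "scrypt":
        return False
    candidate = strong_hash(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate.split("$")[2], key_hex)

if __name__ == "__main__":
    # Two users, same password: weak digests collide, strong records differ.
    print(weak_md5_hash("password") == weak_md5_hash("password"))  # True
    print(strong_hash("password") == strong_hash("password"))      # False
```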
– Denial of Service (DoS)
– Data Loss – including user data, organization details, and other sensitive data
– Compromise of Mimosa’s Amazon based cloud services (EC2 Instances and S3 Buckets)
– Remote Code Execution (RCE) on all cloud-connected Mimosa devices
– Mimosa Management Platform (MMP): up to version 1.0.3
– Point-To-Point (PTP) C5x and C5c devices: up to version 22.214.171.124
– Point-To-Multi-Point (PTMP) C5c, C5x, C6x and A5x: Device versions prior to v126.96.36.199
The Mimosa Management Platform and cloud-based monitoring should help identify the firmware versions of devices in use.
Containment, Mitigations & Remediations
The only remediation option available at this time is to apply the released patches and to undertake follow-up investigations to identify whether compromise has taken place and whether any persistence mechanisms have been deployed.
Indicators of Compromise
There are no IoCs at this time.
Mimosa and Airspan are not well known outside of their field, but have enjoyed great success since their inception. This is in part because of sanctions against Chinese suppliers of similar products, such as Huawei. Their products are found in organisations that need PTP or PTMP communications to interconnect sites and Industrial Control Systems, as well as in some telco providers.
DoS or data loss via compromise of associated management systems may have a profound effect on both corporate and national critical infrastructure.
T0883 – Internet Accessible Device
T1110.002 – Brute Force: Password Cracking
T0859 – Valid Accounts
T1498 – Network Denial of Service
T0882 – Theft of Operational Information
T0881 – Data from Information Repositories
T0874 – Hooking