The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday published an Industrial Control Systems Advisory (ICSA) warning of numerous vulnerabilities in Airspan Networks Mimosa equipment. These could have been exploited to execute remote code, cause a denial-of-service (DoS) condition, and obtain sensitive information.
“Successful exploitation of these vulnerabilities could allow an attacker to gain user data (including organization details) and other sensitive data, compromise Mimosa’s AWS (Amazon Web Services) cloud EC2 instance and S3 Buckets, and execute unauthorized remote code on all cloud-connected Mimosa devices,” CISA said in the alert.
The seven flaws were reported to CISA by industrial cybersecurity firm Claroty. They affect the following products:
- Mimosa Management Platform (MMP) running versions prior to v1.0.3
- Point-to-Point (PTP) C5c and C5x running versions prior to v2.8.6.1, and
- Point-to-Multipoint (PTMP) A5x and C-series (C5c, C5x, and C6x) running versions prior to v2.5.4.1
Airspan Networks' Mimosa product line provides hybrid fiber-wireless (HFW) network solutions to service providers, industrial, and government operators for both short and long-range broadband deployments.
The critical bugs are part of seven total vulnerabilities, three of which are rated 10 out of 10 on the CVSS vulnerability-severity scale, effectively enabling an adversary to execute arbitrary code, access secret keys, and even modify configurations.
The four remaining flaws could allow an attacker to inject arbitrary commands, crack hashed (but not salted) passwords, and gain unauthorized access to sensitive information.
To mitigate the defects, users are recommended to update to MMP version 1.0.4 or higher, PTP C5c and C5x version 2.90 or higher, and PTMP A5x and C-series version 2.9.0 or higher.
CISA advises vulnerable organizations to reduce network exposure and isolate control systems networks from their business networks. It also recommends using virtual private networks (VPNs) for remote access to limit the possibility of these vulnerabilities being exploited.
The disclosure also comes as Cisco Talos published details on a series of critical vulnerabilities that Sealevel has addressed in the SeaConnect 370W Wi-Fi-connected edge device, which could allow an attacker to conduct a man-in-the-middle (MitM) attack and execute remote code on the targeted device.