The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday published an Industrial Control Systems Advisory (ICSA) warning of multiple vulnerabilities in Airspan Networks Mimosa equipment that could be abused to gain remote code execution, create a denial-of-service (DoS) condition, and obtain sensitive information.
“Successful exploitation of these vulnerabilities could allow an attacker to gain user data (including organization details) and other sensitive data, compromise Mimosa’s AWS (Amazon Web Services) cloud EC2 instance and S3 Buckets, and execute unauthorized remote code on all cloud-connected Mimosa devices,” CISA said in the alert.
The seven flaws, which were discovered and reported to CISA by industrial cybersecurity company Claroty, affect the following products:
- Mimosa Management Platform (MMP) running versions prior to v1.0.3
- Point-to-Point (PTP) C5c and C5x running versions prior to v2.8.6.1, and
- Point-to-Multipoint (PTMP) A5x and C-series (C5c, C5x, and C6x) running versions prior to v2.5.4.1
Airspan Networks’ Mimosa product line provides hybrid fiber-wireless (HFW) network solutions to service providers and to industrial and government operators for both short and long-range broadband deployments.
Three of the seven vulnerabilities are rated 10 out of 10 on the CVSS vulnerability-severity scale, effectively enabling an adversary to execute arbitrary code, access secret keys, and even modify configurations.
The remaining four flaws could allow an attacker to inject arbitrary commands, crack hashed (but not salted) passwords, and gain unauthorized access to sensitive information.
To mitigate the defects, users are advised to update to MMP version 1.0.4 or higher, PTP C5c and C5x version 2.90 or higher, and PTMP A5x and C-series version 2.9.0 or higher.
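As an added example (not part of the advisory or any Airspan tooling), the following Python sketch triages a device inventory against the "prior to" version thresholds listed above. The inventory layout, hostnames, and function names are assumptions made for illustration; only the product names and version thresholds come from this article.

```python
# Added example: inventory triage against the article's affected-version thresholds.
import re

# product line -> (models named in the article, first version NOT affected)
AFFECTED_BEFORE = {
    "MMP": ({"MMP"}, "1.0.3"),
    "PTP": ({"C5c", "C5x"}, "2.8.6.1"),
    "PTMP": ({"A5x", "C5c", "C5x", "C6x"}, "2.5.4.1"),
}

def parse_version(text):
    """'v2.8.6.1' -> (2, 8, 6, 1); trailing zeros dropped so 1.0.3 == 1.0.3.0."""
    if not re.fullmatch(r"v?\d+(\.\d+)*", text.strip()):
        raise ValueError(f"unparseable version: {text!r}")
    parts = [int(p) for p in text.strip().lstrip("v").split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def is_affected(line, model, version):
    """True if the device runs a version prior to the article's threshold."""
    entry = AFFECTED_BEFORE.get(line)
    if entry is None or model not in entry[0]:
        return False  # product not named in the advisory summary
    return parse_version(version) < parse_version(entry[1])

def triage(inventory):
    """Return hostnames needing an update; unparseable versions are flagged too."""
    flagged = []
    for host, line, model, version in inventory:
        try:
            if is_affected(line, model, version):
                flagged.append(host)
        except ValueError:
            flagged.append(host)  # fail closed: unknown version needs a human look
    return flagged

# Constructed sample inventory: (hostname, product line, model, firmware version)
SAMPLE_INVENTORY = [
    ("bh-tower-01", "PTP", "C5c", "2.8.6"),
    ("bh-tower-02", "PTP", "C5x", "v2.8.6.1"),
    ("ap-north-01", "PTMP", "A5x", "2.5.4"),
    ("ap-north-02", "PTMP", "C6x", "2.9.0"),
    ("mmp-cloud", "MMP", "MMP", "1.0.3.0"),
    ("cpe-lab-07", "PTMP", "C5c", "2.5.x-beta"),
]

if __name__ == "__main__":
    print(triage(SAMPLE_INVENTORY))
```

The product line (PTP or PTMP) must be recorded per device because the C5c and C5x models appear under both lines with different thresholds.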
In addition, CISA is advising vulnerable organizations to minimize network exposure, isolate control system networks from the business network, and use virtual private networks (VPNs) for remote access to mitigate the risk of exploitation of these vulnerabilities.
The disclosure also comes as Cisco Talos published details on a series of critical vulnerabilities that Sealevel has addressed in the SeaConnect 370W Wi-Fi-connected edge device, which could allow an attacker to conduct a man-in-the-middle (MitM) attack and execute remote code on the targeted device.