CVE-2022-36310

Airspan AirVelocity 1500 software prior to version 15.18.00.2511 had NET-SNMP-EXTEND-MIB enabled on its snmpd service, enabling an attacker with SNMP write abilities to execute commands as root on the eNodeB. This issue may affect other AirVelocity and AirSpeed models.

CVSS v3.0 8.8 HIGH

8.8^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://helpdesk.airspan.com/browse/TRN3-1689	Permissions Required Vendor Advisory
https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-whc6-2989-42xm	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:airspan:airvelocity_1500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:airspan:airvelocity_1500:-:*:*:*:*:*:*:*

Information

Published : 2022-08-15 18:15

Updated : 2022-08-17 07:21

NVD link : CVE-2022-36310

Mitre link : CVE-2022-36310

JSON object : View

CWE

NVD-CWE-noinfo

Products Affected

airspan

airvelocity_1500_firmware
airvelocity_1500

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://helpdesk.airspan.com/browse/TRN3-1689", "name": "https://helpdesk.airspan.com/browse/TRN3-1689", "tags": ["Permissions Required", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-whc6-2989-42xm", "name": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-whc6-2989-42xm", "tags": ["Exploit", "Third Party Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Airspan AirVelocity 1500 software prior to version 15.18.00.2511 had NET-SNMP-EXTEND-MIB enabled on its snmpd service, enabling an attacker with SNMP write abilities to execute commands as root on the eNodeB. This issue may affect other AirVelocity and AirSpeed models."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-36310", "ASSIGNER": "cve-assign@fb.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}}, "publishedDate": "2022-08-16T01:15Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:airspan:airvelocity_1500_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "15.18.00.2511", "versionStartIncluding": "9.3.0.01249"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:airspan:airvelocity_1500:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-08-17T14:21Z"}

8.8 /10