CVE-2022-36308

Airspan AirVelocity 1500 web management UI displays SNMP credentials in plaintext on software versions older than 15.18.00.2511, and stores SNMPv3 credentials unhashed on the filesystem, enabling anyone with web access to use these credentials to manipulate the eNodeB over SNMP. This issue may affect other AirVelocity and AirSpeed models.

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-qjgc-rx8m-q58x	Third Party Advisory
https://helpdesk.airspan.com/browse/TRN3-1692	Permissions Required Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:airspan:airvelocity_1500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:airspan:airvelocity_1500:-:*:*:*:*:*:*:*

History

17 Aug 2022, 14:12

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.1
CPE		cpe:2.3:h:airspan:airvelocity_1500:-:::::::* cpe:2.3:o:airspan:airvelocity_1500_firmware::::::::
CWE		CWE-522
References	~~(CONFIRM) https://helpdesk.airspan.com/browse/TRN3-1692 -~~	(CONFIRM) https://helpdesk.airspan.com/browse/TRN3-1692 - Permissions Required, Vendor Advisory
References	~~(MISC) https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-qjgc-rx8m-q58x -~~	(MISC) https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-qjgc-rx8m-q58x - Third Party Advisory

16 Aug 2022, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-08-16 01:15

Updated : 2024-02-04 22:51

NVD link : CVE-2022-36308

Mitre link : CVE-2022-36308

CVE.ORG link : CVE-2022-36308

JSON object : View

Products Affected

airspan

airvelocity_1500_firmware
airvelocity_1500

CWE

CWE-522

Insufficiently Protected Credentials

CWE-256

Unprotected Storage of Credentials

{"id": "CVE-2022-36308", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2022-08-16T01:15:13.480", "references": [{"url": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-qjgc-rx8m-q58x", "tags": ["Third Party Advisory"], "source": "cve-assign@fb.com"}, {"url": "https://helpdesk.airspan.com/browse/TRN3-1692", "tags": ["Permissions Required", "Vendor Advisory"], "source": "cve-assign@fb.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-522"}]}, {"type": "Secondary", "source": "cve-assign@fb.com", "description": [{"lang": "en", "value": "CWE-256"}]}], "descriptions": [{"lang": "en", "value": "Airspan AirVelocity 1500 web management UI displays SNMP credentials in plaintext on software versions older than 15.18.00.2511, and stores SNMPv3 credentials unhashed on the filesystem, enabling anyone with web access to use these credentials to manipulate the eNodeB over SNMP. This issue may affect other AirVelocity and AirSpeed models."}, {"lang": "es", "value": "La interfaz de administraci\u00f3n web de Airspan AirVelocity 1500 muestra las credenciales SNMP en texto plano en las versiones de software anteriores a 15.18.00.2511, y almacena las credenciales SNMPv3 sin codificar en el sistema de archivos, lo que permite a cualquier persona con acceso a la web usar estas credenciales para manipular el eNodeB a trav\u00e9s de SNMP. Este problema puede afectar a otros modelos AirVelocity y AirSpeed."}], "lastModified": "2022-08-17T14:12:22.783", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:airspan:airvelocity_1500_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ECF71DBB-8D4C-4A82-8F4B-3907062C1379", "versionEndIncluding": "15.18.00.2511", "versionStartIncluding": "9.3.0.01249"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:airspan:airvelocity_1500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DB5DBFEA-0C64-4E87-A11E-6C850D4C87CE"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve-assign@fb.com"}