CVE-2022-36309

Airspan AirVelocity 1500 software versions prior to 15.18.00.2511 have a root command injection vulnerability in the ActiveBank parameter of the recoverySubmit.cgi script running on the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-p295-2jh6-g6g4	Exploit Third Party Advisory
https://helpdesk.airspan.com/browse/TRN3-1690	Permissions Required Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:airspan:airvelocity_1500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:airspan:airvelocity_1500:-:*:*:*:*:*:*:*

History

17 Aug 2022, 14:19

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.8
CWE		CWE-78
CPE		cpe:2.3:h:airspan:airvelocity_1500:-:::::::* cpe:2.3:o:airspan:airvelocity_1500_firmware::::::::
References	~~(MISC) https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-p295-2jh6-g6g4 -~~	(MISC) https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-p295-2jh6-g6g4 - Exploit, Third Party Advisory
References	~~(CONFIRM) https://helpdesk.airspan.com/browse/TRN3-1690 -~~	(CONFIRM) https://helpdesk.airspan.com/browse/TRN3-1690 - Permissions Required, Vendor Advisory

16 Aug 2022, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-08-16 01:15

Updated : 2024-02-04 22:51

NVD link : CVE-2022-36309

Mitre link : CVE-2022-36309

CVE.ORG link : CVE-2022-36309

JSON object : View

Products Affected

airspan

airvelocity_1500_firmware
airvelocity_1500

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2022-36309", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2022-08-16T01:15:13.707", "references": [{"url": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-p295-2jh6-g6g4", "tags": ["Exploit", "Third Party Advisory"], "source": "cve-assign@fb.com"}, {"url": "https://helpdesk.airspan.com/browse/TRN3-1690", "tags": ["Permissions Required", "Vendor Advisory"], "source": "cve-assign@fb.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}, {"type": "Secondary", "source": "cve-assign@fb.com", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "Airspan AirVelocity 1500 software versions prior to 15.18.00.2511 have a root command injection vulnerability in the ActiveBank parameter of the recoverySubmit.cgi script running on the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models."}, {"lang": "es", "value": "Airspan AirVelocity 1500 versiones del software anteriores a 15.18.00.2511, presentan una vulnerabilidad de inyecci\u00f3n de comandos de root en el par\u00e1metro ActiveBank del script recoverySubmit.cgi que se ejecuta en la interfaz de usuario de administraci\u00f3n web del eNodeB. Este problema puede afectar a otros modelos AirVelocity y AirSpeed."}], "lastModified": "2022-08-17T14:19:11.527", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:airspan:airvelocity_1500_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ECF71DBB-8D4C-4A82-8F4B-3907062C1379", "versionEndIncluding": "15.18.00.2511", "versionStartIncluding": "9.3.0.01249"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:airspan:airvelocity_1500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DB5DBFEA-0C64-4E87-A11E-6C850D4C87CE"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve-assign@fb.com"}