CVE-2022-36310

Airspan AirVelocity 1500 software prior to version 15.18.00.2511 had NET-SNMP-EXTEND-MIB enabled on its snmpd service, enabling an attacker with SNMP write abilities to execute commands as root on the eNodeB. This issue may affect other AirVelocity and AirSpeed models.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-whc6-2989-42xm	Exploit Third Party Advisory
https://helpdesk.airspan.com/browse/TRN3-1689	Permissions Required Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:airspan:airvelocity_1500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:airspan:airvelocity_1500:-:*:*:*:*:*:*:*

History

17 Aug 2022, 14:21

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.8
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:h:airspan:airvelocity_1500:-:::::::* cpe:2.3:o:airspan:airvelocity_1500_firmware::::::::
References	~~(MISC) https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-whc6-2989-42xm -~~	(MISC) https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-whc6-2989-42xm - Exploit, Third Party Advisory
References	~~(CONFIRM) https://helpdesk.airspan.com/browse/TRN3-1689 -~~	(CONFIRM) https://helpdesk.airspan.com/browse/TRN3-1689 - Permissions Required, Vendor Advisory

16 Aug 2022, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-08-16 01:15

Updated : 2024-02-04 22:51

NVD link : CVE-2022-36310

Mitre link : CVE-2022-36310

CVE.ORG link : CVE-2022-36310

JSON object : View

Products Affected

airspan

airvelocity_1500_firmware
airvelocity_1500

CWE

NVD-CWE-noinfo CWE-242

Use of Inherently Dangerous Function

{"id": "CVE-2022-36310", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2022-08-16T01:15:13.833", "references": [{"url": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-whc6-2989-42xm", "tags": ["Exploit", "Third Party Advisory"], "source": "cve-assign@fb.com"}, {"url": "https://helpdesk.airspan.com/browse/TRN3-1689", "tags": ["Permissions Required", "Vendor Advisory"], "source": "cve-assign@fb.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "cve-assign@fb.com", "description": [{"lang": "en", "value": "CWE-242"}]}], "descriptions": [{"lang": "en", "value": "Airspan AirVelocity 1500 software prior to version 15.18.00.2511 had NET-SNMP-EXTEND-MIB enabled on its snmpd service, enabling an attacker with SNMP write abilities to execute commands as root on the eNodeB. This issue may affect other AirVelocity and AirSpeed models."}, {"lang": "es", "value": "Airspan AirVelocity 1500 versiones anteriores a 15.18.00.2511, ten\u00eda habilitada la funci\u00f3n NET-SNMP-EXTEND-MIB en su servicio snmpd, lo que permite a un atacante con capacidad de escritura en SNMP ejecutar comandos como root en el eNodeB. Este problema puede afectar a otros modelos AirVelocity y AirSpeed."}], "lastModified": "2022-08-17T14:21:30.227", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:airspan:airvelocity_1500_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ECF71DBB-8D4C-4A82-8F4B-3907062C1379", "versionEndIncluding": "15.18.00.2511", "versionStartIncluding": "9.3.0.01249"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:airspan:airvelocity_1500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DB5DBFEA-0C64-4E87-A11E-6C850D4C87CE"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve-assign@fb.com"}