Last Updated on 05/02/2022 by Nidhi Khandelwal
The United States Cybersecurity and Infrastructure Security Agency (CISA) issued an Industrial Controls Systems Advisory (ICSA) on Thursday, warning of multiple vulnerabilities in Airspan Networks Mimosa equipment that could be exploited to gain remote code execution, cause a denial-of-service (DoS) condition, and obtain sensitive data.
Airspan Network’s Mimosa product line offers service providers, industrial, and government operators hybrid fiber-wireless (HFW) network solutions for both short and long-range broadband deployments.
The critical problems are part of a total of seven vulnerabilities, three of which are rated 10 out of 10 on the CVSS vulnerability-severity scale, allowing an attacker to run arbitrary code, obtain secret keys, and even change configurations.
An attacker may use four other weaknesses to inject arbitrary commands, crack hashed (but not salted) passwords, and obtain unauthorized access to sensitive data.
To reduce the danger of these vulnerabilities being exploited, CISA advises vulnerable firms to limit network exposure, disconnect control system networks from business networks, and use virtual private networks (VPNs) for remote access.
The news comes as Cisco Talos discloses a variety of significant vulnerabilities in Sealevel’s Wi-Fi-connected edge device, the SeaConnect 370W, that might allow an attacker to conduct a man-in-the-middle (MitM) attack and execute remote code on the targeted device.The news comes as Cisco Talos discloses a variety of significant vulnerabilities in Sealevel’s Wi-Fi-connected edge device, the SeaConnect 370W, that might allow an attacker to conduct a man-in-the-middle (MitM) attack and execute remote code on the targeted device.