Main Vulnerability Database Vulnerabilities #VU60304

Use of a broken or risky cryptographic algorithm in Airspan Networks products - CVE-2022-21800

Published: February 4, 2022

Vulnerability identifier: #VU60304

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2022-21800

CWE-ID: CWE-327

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Airspan Networks

Affected software:
MMP
PTP C-series
PTMP C-series
PTMP A5x

Detailed vulnerability description

The vulnerability allows a remote user to compromise the target system.

The vulnerability exists due to the affected product uses the MD5 algorithm to hash the passwords before storing them but does not salt the hash. A remote authenticated attacker can crack the hashed passwords.

How to mitigate CVE-2022-21800

Install updates from vendor's website.

Sources

https://ics-cert.us-cert.gov/advisories/icsa-22-034-02

Use of a broken or risky cryptographic algorithm in Airspan Networks products - CVE-2022-21800

Detailed vulnerability description

How to mitigate CVE-2022-21800

Sources

Please verify you're human