Main Vulnerability Database Vulnerabilities #VU60304

#VU60304 Use of a broken or risky cryptographic algorithm in Airspan Networks products - CVE-2022-21800

Published: February 4, 2022

Vulnerability identifier: #VU60304

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2022-21800

CWE-ID: CWE-327

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
MMP
PTP C-series
PTMP C-series
PTMP A5x

Software vendor:
Airspan Networks

Description

The vulnerability allows a remote user to compromise the target system.

The vulnerability exists due to the affected product uses the MD5 algorithm to hash the passwords before storing them but does not salt the hash. A remote authenticated attacker can crack the hashed passwords.

Remediation

Install updates from vendor's website.

External links

https://ics-cert.us-cert.gov/advisories/icsa-22-034-02