CVE-2022-0138

Description

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 has a deserialization function that does not validate or check the data, allowing arbitrary classes to be created.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Affected products

Airspan Networks / MMPunspecified – v1.0.3
Airspan Networks / PTMP C-series and A5xunspecified – v2.5.4.1
Airspan Networks / PTP C-seriesunspecified – v2.8.6.1

References

VENDOR_ADVISORYhttps://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02