CVE-2022-21800 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
icscert	CNA	6.5 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 23%

Vendor	Product	Version
airspan	mimosa_management_platform	𝑥 < 1.0.3
airspan	c6x_firmware	𝑥 < 2.8.6.1
airspan	c5x_firmware	𝑥 < 2.8.6.1
airspan	c5c_firmware	𝑥 < 2.8.6.1
airspan	a5x_firmware	𝑥 < 2.5.4.1

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.
CWE-326 - Inadequate Encryption Strength
The software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02

https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02