CVE-2022-36306 Vulnerability Details

  /     /     /  

CVE-2022-36306 Metadata Quick Info

CVE Published: 16/08/2022 | CVE Updated: 03/08/2024 | CVE Year: 2022
Source: facebook | Vendor: Airspan | Product: AirVelocity
Status : PUBLISHED

CVE-2022-36306 Description

An authenticated attacker can enumerate and download sensitive files, including the eNodeB\'s web management UI\'s TLS private key, the web server binary, and the web server configuration file. These vulnerabilities were found in AirVelocity 1500 running software version 9.3.0.01249, were still present in 15.18.00.2511, and may affect other AirVelocity and AirSpeed models.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-219
CWE Name: CWE-219, CWE-548
Source: Airspan

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).

Last added CVEs

▸ CVE-2024-9999 ◂
Discovered: 12/11/2024
Status: PUBLISHED
▸ CVE-2024-9997 ◂
Discovered: 29/10/2024
Status: PUBLISHED
▸ CVE-2024-9996 ◂
Discovered: 29/10/2024
Status: PUBLISHED



Tags:
CVE-2022-36306 Vulnerability Details