CVE-2022-36310 Vulnerability Details

  /     /     /  

CVE-2022-36310 Metadata Quick Info

CVE Published: 16/08/2022 | CVE Updated: 03/08/2024 | CVE Year: 2022
Source: facebook | Vendor: Airspan | Product: AirVelocity
Status : PUBLISHED

---

CVE-2022-36310 Description

Airspan AirVelocity 1500 software prior to version 15.18.00.2511 had NET-SNMP-EXTEND-MIB enabled on its snmpd service, enabling an attacker with SNMP write abilities to execute commands as root on the eNodeB. This issue may affect other AirVelocity and AirSpeed models.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-242
CWE Name: Use of Inherently Dangerous Function (CWE-242)
Source: Airspan

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).