CVE-2022-36307

Published Aug 16, 2022

Last updated 3 years ago

CVSS medium 6.8

Overview

Description: The AirVelocity 1500 prints SNMP credentials on its physically accessible serial port during boot. This was fixed in AirVelocity 1500 software version 15.18.00.2511 and may affect other AirVelocity and AirSpeed models.
Source: cve-assign@fb.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.8
Impact score: 5.9
Exploitability score: 0.9
Vector string: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-522
cve-assign@fb.com: CWE-522

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:airspan:airvelocity_1500:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DB5DBFEA-0C64-4E87-A11E-6C850D4C87CE"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:airspan:airvelocity_1500_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ECF71DBB-8D4C-4A82-8F4B-3907062C1379",
            "versionEndIncluding": "15.18.00.2511",
            "versionStartIncluding": "9.3.0.01249"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References