PT-2022-14916 · Mmp+2 · Mmp+2
Noam Moshe
·
Published
2022-02-18
·
Updated
2023-07-24
·
CVE-2022-21196
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
MMP versions prior to 1.0.3
PTP C-series versions prior to 2.8.6.1
PTMP C-series and A5x versions prior to 2.5.4.1
Description
The issue concerns improper authorization and authentication checks on multiple API routes. This could allow an attacker to gain access to these routes, potentially achieving remote code execution, creating a denial-of-service condition, and obtaining sensitive information.
Recommendations
For MMP versions prior to 1.0.3, update to version 1.0.3 or later to resolve the issue.
For PTP C-series versions prior to 2.8.6.1, update to version 2.8.6.1 or later to resolve the issue.
For PTMP C-series and A5x versions prior to 2.5.4.1, update to version 2.5.4.1 or later to resolve the issue.
As a temporary workaround, consider restricting access to the vulnerable API routes until a patch is available.
Fix
Improper Authorization
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
A5X
Mmp
Ptmp C-Series