PT-2022-14929 · Mimosa · Mimosa Mmp
Noam Moshe · Published 2022-02-18 · Updated 2022-02-26 · CVE-2022-21215
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Mimosa MMP versions prior to v1.0.3
PTP C-series versions prior to v2.8.6.1
PTMP C-series and A5x versions prior to v2.5.4.1
Description
This server-side request forgery (SSRF) issue could allow an attacker to force the server to create and execute a web request, granting access to backend APIs that are only accessible to the Mimosa MMP server, or to request pages that could perform some actions themselves. The attacker could force the server into accessing routes on the cloud-hosting platforms, accessing secret keys, changing configurations, etc.
Recommendations
For Mimosa MMP versions prior to v1.0.3, update to version v1.0.3 or later.
For PTP C-series versions prior to v2.8.6.1, update to version v2.8.6.1 or later.
For PTMP C-series and A5x versions prior to v2.5.4.1, update to version v2.5.4.1 or later.
Fix
SSRF
Affected Products
Mimosa Mmp