10 - VU#248372

Executive Summary

Summary
Title	AirSpan WiMAX ProST web management interface authentication bypass vulnerability

Informations
Name	VU#248372	First vendor Publication	2008-03-06
Vendor	VU-CERT	Last vendor Modification	2008-04-10
Severity (Vendor)	N/A	Revision	M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	10	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#248372

AirSpan WiMAX ProST web management interface authentication bypass vulnerability

Overview

The AirSpan WiMAX ProST contains an authentication bypass vulnerability that could allow an unauthenticated, remote attacker to make arbitrary configuration changes.

I. Description

The AirSpan WiMAX ProST is customer premise equipment that provides WiMAX wireless networking. The web management interface of the Airspan WiMax ProST does not properly authenticate HTTP POST requests.

II. Impact

By sending HTTP POST requests to a vulnerable ProST device, a remote, unauthenticated attacker may be able to make arbitrary configuration changes. The attacker could potentially disable the device by uploading an invalid firmware image.

III. Solution

Upgrade

From AirSpan WiMAX product bulletin PB/ASM/2008/016 Rev A:

A new version of SS has been made available as a SW patch to solve the above issue. This new version forms System Release 6.5.2 & 6.6.2 for MicroMAX and HiperMAX systems respectively.

Restrict access

Restrict access to the web management interface to trusted networks. If possible, configure management and transit networks for separate VLANs, or restrict access to the device using IP access lists.

Systems Affected

Vendor	Status	Date Updated
Airspan	Vulnerable	13-Mar-2008
Wind River Systems, Inc.	Unknown	12-Mar-2008

References

http://www.sharemethods.net/nepal/servlet/open?keeppath=false&aid=30887
http://www.airspan.com/products_wimax_custprem_ProST.aspx
http://www.sharemethods.net/nepal/servlet/open?keeppath=false&aid=29820
http://www.wimaxforum.org/home/
http://grouper.ieee.org/groups/802/16/
http://en.wikipedia.org/wiki/WiMAX
http://www.0x000000.com/?i=524
http://airspan4wimax.googlepages.com/

Credit

Thanks to Arthur Lashin for reporting this vulnerability and Francis Lacoste-Cordeau for information that was used in this report..

This document was written by Ryan Giobbi.

Other Information

Date Public	03/06/2008
Date First Published	03/06/2008 12:00:20 PM
Date Last Updated	04/10/2008
CERT Advisory
CVE Name	CVE-2008-1262
US-CERT Technical Alerts
Metric	6.48
Document Revision	31

Original Source

Url : http://www.kb.cert.org/vuls/id/248372

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-287	Improper Authentication

CPE : Common Platform Enumeration

Type	Description	Count
Hardware	Airspan Wimax Prost cpe:2.3:h:airspan:wimax_prost:4.1::6.5.38.0:::::	1

Open Source Vulnerability Database (OSVDB)

Id	Description
43029	Airspan WiMAX ProST Administration Panel Authentication Bypass

Global Informations

Type	Count
CWE ID(s)	1
CPE ID(s)	1
osvdb(s)	1

	Related
10	CVE-2008-1262
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)