search menu icon-carat-right cmu-wordmark

CERT Coordination Center

AirSpan WiMAX ProST web management interface authentication bypass vulnerability

Vulnerability Note VU#248372

Original Release Date: 2008-03-06 | Last Revised: 2008-04-10

Overview

The AirSpan WiMAX ProST contains an authentication bypass vulnerability that could allow an unauthenticated, remote attacker to make arbitrary configuration changes.

Description

The AirSpan WiMAX ProST is customer premise equipment that provides WiMAX wireless networking. The web management interface of the Airspan WiMax ProST does not properly authenticate HTTP POST requests.

Impact

By sending HTTP POST requests to a vulnerable ProST device, a remote, unauthenticated attacker may be able to make arbitrary configuration changes. The attacker could potentially disable the device by uploading an invalid firmware image.

Solution

Upgrade

From AirSpan WiMAX product bulletin PB/ASM/2008/016 Rev A:
A new version of SS has been made available as a SW patch to solve the above issue. This new version forms System Release 6.5.2 & 6.6.2 for MicroMAX and HiperMAX systems respectively.

Restrict access

Restrict access to the web management interface to trusted networks. If possible, configure management and transit networks for separate VLANs, or restrict access to the device using IP access lists.

Vendor Information

248372
 
Affected   Unknown   Unaffected

Airspan

Notified:  December 27, 2007 Updated:  March 13, 2008

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see http://www.sharemethods.net/nepal/servlet/open?keeppath=false&aid=29820.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Wind River Systems, Inc.

Notified:  March 12, 2008 Updated:  March 12, 2008

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Acknowledgements

Thanks to Arthur Lashin for reporting this vulnerability and Francis Lacoste-Cordeau for information that was used in this report..

This document was written by Ryan Giobbi.

Other Information

CVE IDs: CVE-2008-1262
Severity Metric: 6.48
Date Public: 2008-03-06
Date First Published: 2008-03-06
Date Last Updated: 2008-04-10 16:25 UTC
Document Revision: 31

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.