On Thursday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published Industrial Controls Systems Advisory (ICSA) warning report informing the Airspan Networks Mimosa of multiple vulnerabilities in their network. The group of cybercriminals abused the system to gain remote code execution, obtain private data, and also create a denial-of-service (DoS) condition. 

According to the technical data, the Airspan Networks Mimosa product line facilitates hybrid fiber-wireless (HFW) network solutions to the industrial service providers, and government agencies for both short and long-range broadband deployments. 

"Successful exploitation of these vulnerabilities could allow an attacker to gain user data (including organization details) and other sensitive data, compromise Mimosa's AWS (Amazon Web Services) cloud EC2 instance and S3 Buckets, and execute unauthorized remote code on all cloud-connected Mimosa devices," CISA said in the alert report. 

In the warning report, the CISA has detected seven flaws in the vulnerabilities, that affect the following products. 

• Mimosa Management Platform (MMP) running versions prior to v1.0.3 

• Point-to-Point (PTP) C5c and C5x running versions prior to v2.8.6.1

• Point-to-Multipoint (PTMP) A5x and C-series (C5c, C5x, and C6x) running versions prior to v2.5.4.1 

The agencies have recommended mitigating steps to the organizations and the users to update MMP version 1.0.4 or higher, PTP C5c and C5x version 2.90 or higher, and PTMP A5x and C-series version 2.9.0 or higher. CISA has also notified affected organizations to isolate control system networks from the business network, minimize network exposure, and use virtual private networks (VPNs) for remote access.