Cambium Networks has issued upgrade packages for their on-premises cnMaestro product for fixing a vulnerability which allowed a pre-auth data exfiltration through improper neutralization of special elements used in an SQL statement.

The affected products are:

  • All versions prior to 3.0.3-r32
  • All versions prior to 2.4.2-r29
  • All versions prior to 3.0.0-r34

An attacker exploiting this vulnerability might be able to exfiltrate useful information such as SSH Keys or passwords hashes. Cambium Networks recommends that customers using the on-prem version of cnMaestro in their infrastructure apply one of the following upgrade packages:

  • 0.3-r32
  • 4.2-r29
  • 0.0-r34

The NetScaler research team has released updated Web App Firewall (WAF) signatures designed to mitigate risks associated with CVE-2022-1361:

Signature Rule CVE ID Description
998818 CVE-2022-1361 WEB-MISC On-Premises Cambium Networks cnMaestro – SQL Injection Vulnerability Via MAC (CVE-2022-1361)
998819 CVE-2022-1361 WEB-MISC On-Premises Cambium Networks cnMaestro – SQL Injection Vulnerability Via Serial Number (CVE-2022-1361)

Customers using WAF can mitigate the risk to their apps from this vulnerability by downloading the signature version 99 and applying it to their WAF deployments as an additional layer of protection for their applications. Please note:

  • Signatures are compatible with the following software versions of NetScaler: 11.1, 12.0, 12.1, 13.0, and 13.1.
  • Please note that versions 11.1 and 12.0 have reached EoL.

If you are already using WAF with signatures with the auto-update feature enabled, follow these steps after verifying that the signature version is at least version 99:

  1. Search your signatures for LogString by providing the value “CVE-2022-1361.”
  2. Select the presented signature rules with ID 998818, 998819.
  3. Choose “Enable Rules” and click OK.

We recommend that WAF customers use the latest signature version, enable signature auto-update, and subscribe to receive signature alert notifications. We will continue to monitor this dynamic situation and update as new mitigations become available.

Additional Information

WAF has a single code base across physical, virtual, bare-metal, and containers. This signature update applies to all WAF form factors and deployment models.

Check out our alert articles and bot signature articles to learn more about WAF signatures, and find out how you can receive signature alert notifications.

Patches and Mitigations

We strongly recommend that customers apply patches (from Cambium Networks and/or other vendors) as soon as they are made available. Until a patch is made available, you may reduce the risk of a successful attack by applying mitigations. Mitigations should not be considered full solutions as they do not fully address the underlying issue(s).

Learn more about Web App Firewall in our product documentation.

(Stavros Gkounis, Sr. Software Engineer, and Ratnesh Singh Thakur, Sr. Principal Software Engineer, contributed to this blog post.)