CVE-2017-7918

An Improper Access Control issue was discovered in Cambium Networks ePMP. After a valid user has used SNMP configuration export, an attacker is able to remotely trigger device configuration backups using specific MIBs. These backups lack proper access control and may allow access to sensitive information and possibly allow for configuration changes.

CVSS v3 6.8 MEDIUM
CVSS v2.0 6.0 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

Vector : AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L

Exploitability : 2.1 / Impact : 4.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

6.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:S/C:P/I:P/A:P

Exploitability : 6.8 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/99083	Third Party Advisory US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-17-166-01	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:cambium_networks:epmp_1000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cambium_networks:epmp_1000:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:cambium_networks:epmp_elevate_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cambium_networks:epmp_elevate:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:cambium_networks:epmp_2000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cambium_networks:epmp_2000:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:cambium_networks:epmp_1000_hotspot_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cambium_networks:epmp_1000_hotspot:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-06-21 19:29

Updated : 2024-02-28 16:04

NVD link : CVE-2017-7918

Mitre link : CVE-2017-7918

CVE.ORG link : CVE-2017-7918

JSON object : View

Products Affected

cambium_networks

epmp_1000_firmware
epmp_1000_hotspot
epmp_1000_hotspot_firmware
epmp_elevate_firmware
epmp_2000_firmware
epmp_2000
epmp_1000
epmp_elevate

CWE

CWE-269

Improper Privilege Management

CWE-284

Improper Access Control

{"id": "CVE-2017-7918", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.7, "exploitabilityScore": 2.1}]}, "published": "2017-06-21T19:29:00.400", "references": [{"url": "http://www.securityfocus.com/bid/99083", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-166-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-269"}]}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "An Improper Access Control issue was discovered in Cambium Networks ePMP. After a valid user has used SNMP configuration export, an attacker is able to remotely trigger device configuration backups using specific MIBs. These backups lack proper access control and may allow access to sensitive information and possibly allow for configuration changes."}, {"lang": "es", "value": "Se ha descubierto un problema de control de acceso incorrecto en Cambium Networks ePMP. Una vez un usuario v\u00e1lido haya empleado la exportaci\u00f3n de configuraci\u00f3n SNMP, un atacante podr\u00eda desencadenar de forma remota las copias de seguridad de la configuraci\u00f3n del dispositivo mediante MIB espec\u00edficos. Estas copias carecen de un control de acceso correcto y podr\u00edan permitir el acceso a informaci\u00f3n sensible y, posiblemente, permitir cambios en la configuraci\u00f3n."}], "lastModified": "2019-10-09T23:29:57.890", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cambium_networks:epmp_1000_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F8AFE87-7DE5-4D09-AC45-DDD967939A37"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cambium_networks:epmp_1000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A64386E5-D470-4D75-8DBC-1686285BE06F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cambium_networks:epmp_elevate_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1A9AA7F-3427-412B-A3D1-0F48E5FD3394"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cambium_networks:epmp_elevate:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "44737752-57D7-4DB3-B9F4-D7E52189F511"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cambium_networks:epmp_2000_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B140BE5-6FD1-4588-839E-461658EC851D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cambium_networks:epmp_2000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "51C390E5-C5B7-449A-AFA1-8C746F08D7C6"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cambium_networks:epmp_1000_hotspot_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "462EBA74-3C0D-427D-8993-BAC5383D8AF9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cambium_networks:epmp_1000_hotspot:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AC142E94-06B3-4C18-A281-042B66AAB51E"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}