CVE-2017-7922

An Improper Privilege Management issue was discovered in Cambium Networks ePMP. The privileges for SNMP community strings are not properly restricted, which may allow an attacker to gain access to sensitive information and possibly allow for configuration changes.

CVSS v3 7.6 HIGH
CVSS v2.0 6.5 MEDIUM

7.6^/10

CVSS v3 : HIGH

Vector : AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

Exploitability : 2.8 / Impact : 4.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/99083	Third Party Advisory US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-17-166-01	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:cambium_networks:epmp_1000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cambium_networks:epmp_1000:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:cambium_networks:epmp_elevate_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cambium_networks:epmp_elevate:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:cambium_networks:epmp_2000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cambium_networks:epmp_2000:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:cambium_networks:epmp_1000_hotspot_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cambium_networks:epmp_1000_hotspot:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-06-21 19:29

Updated : 2024-02-28 16:04

NVD link : CVE-2017-7922

Mitre link : CVE-2017-7922

CVE.ORG link : CVE-2017-7922

JSON object : View

Products Affected

cambium_networks

epmp_1000_firmware
epmp_1000_hotspot
epmp_1000_hotspot_firmware
epmp_elevate_firmware
epmp_2000_firmware
epmp_2000
epmp_1000
epmp_elevate

CWE

CWE-269

Improper Privilege Management

{"id": "CVE-2017-7922", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.7, "exploitabilityScore": 2.8}]}, "published": "2017-06-21T19:29:00.433", "references": [{"url": "http://www.securityfocus.com/bid/99083", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-166-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-269"}]}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "An Improper Privilege Management issue was discovered in Cambium Networks ePMP. The privileges for SNMP community strings are not properly restricted, which may allow an attacker to gain access to sensitive information and possibly allow for configuration changes."}, {"lang": "es", "value": "Se ha descubierto un problema de gesti\u00f3n incorrecta de privilegios en Cambium Networks ePMP. Los privilegios de las cadenas de comunidad SNMP no se restringen correctamente, lo que podr\u00eda permitir que un atacante obtenga acceso a informaci\u00f3n sensible y, posiblemente, permitir cambios en la configuraci\u00f3n."}], "lastModified": "2019-10-09T23:29:58.423", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cambium_networks:epmp_1000_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F8AFE87-7DE5-4D09-AC45-DDD967939A37"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cambium_networks:epmp_1000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A64386E5-D470-4D75-8DBC-1686285BE06F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cambium_networks:epmp_elevate_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1A9AA7F-3427-412B-A3D1-0F48E5FD3394"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cambium_networks:epmp_elevate:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "44737752-57D7-4DB3-B9F4-D7E52189F511"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cambium_networks:epmp_2000_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B140BE5-6FD1-4588-839E-461658EC851D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cambium_networks:epmp_2000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "51C390E5-C5B7-449A-AFA1-8C746F08D7C6"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cambium_networks:epmp_1000_hotspot_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "462EBA74-3C0D-427D-8993-BAC5383D8AF9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cambium_networks:epmp_1000_hotspot:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AC142E94-06B3-4C18-A281-042B66AAB51E"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}