CVE-2017-7918
Published Jun 21, 2017
Last updated 5 years ago
Overview
- Description
- An Improper Access Control issue was discovered in Cambium Networks ePMP. After a valid user has used SNMP configuration export, an attacker is able to remotely trigger device configuration backups using specific MIBs. These backups lack proper access control and may allow access to sensitive information and possibly allow for configuration changes.
- Source
- ics-cert@hq.dhs.gov
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 4.7
- Exploitability score
- 2.1
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 6
- Impact score
- 6.4
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:P/I:P/A:P
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cambium_networks:epmp_1000_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0F8AFE87-7DE5-4D09-AC45-DDD967939A37"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cambium_networks:epmp_1000:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A64386E5-D470-4D75-8DBC-1686285BE06F"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cambium_networks:epmp_elevate_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E1A9AA7F-3427-412B-A3D1-0F48E5FD3394"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cambium_networks:epmp_elevate:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "44737752-57D7-4DB3-B9F4-D7E52189F511"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cambium_networks:epmp_2000_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8B140BE5-6FD1-4588-839E-461658EC851D"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cambium_networks:epmp_2000:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "51C390E5-C5B7-449A-AFA1-8C746F08D7C6"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cambium_networks:epmp_1000_hotspot_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "462EBA74-3C0D-427D-8993-BAC5383D8AF9"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cambium_networks:epmp_1000_hotspot:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "AC142E94-06B3-4C18-A281-042B66AAB51E"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]