CVE-2017-7918 : An Improper Access Control issue was discovered in Cambium Networks ePMP. After a valid user has used SNMP configuration

An Improper Access Control issue was discovered in Cambium Networks ePMP. After a valid user has used SNMP configuration export, an attacker is able to remotely trigger device configuration backups using specific MIBs. These backups lack proper access control and may allow access to sensitive information and possibly allow for configuration changes.

Published 2017-06-21 19:29:00

Updated 2019-10-09 23:29:58

Source ICS-CERT

View at NVD, CVE.org

Vulnerability category: BypassGain privilege

Exploit prediction scoring system (EPSS) score for CVE-2017-7918

Probability of exploitation activity in the next 30 days: 0.10%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 40 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2017-7918

Cambium ePMP 1000 SNMP Enumeration

First seen: 2020-04-26

auxiliary/scanner/snmp/epmp1000_snmp_loot

Cambium devices (ePMP, PMP, Force, & others) can be administered using SNMP. The device configuration contains IP addresses, keys, and passwords, amongst other information. This module uses SNMP to extract Cambium ePMP device configuration. On certain software versio

More information

CVSS scores for CVE-2017-7918

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.0	MEDIUM	AV:N/AC:M/Au:S/C:P/I:P/A:P	6.8	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
6.8	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L	2.1	4.7	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: Low Availability: Low

CWE ids for CVE-2017-7918

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Assigned by: nvd@nist.gov (Primary)
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Assigned by: ics-cert@hq.dhs.gov (Secondary)

References for CVE-2017-7918

https://ics-cert.us-cert.gov/advisories/ICSA-17-166-01

Cambium Networks ePMP | CISA
Third Party Advisory;US Government Resource

CVEs referencing this url
http://www.securityfocus.com/bid/99083

Cambium Networks ePMP ICSA-17-166-01 Privilege Escalation and Access Bypass Vulnerabilities
Third Party Advisory;US Government Resource

CVEs referencing this url

Products affected by CVE-2017-7918

Cambium Networks » Epmp 1000 Firmware » Version: N/A
cpe:2.3:o:cambium_networks:epmp_1000_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Cambium Networks » Epmp 1000 » Version: N/A
Cambium Networks » Epmp Elevate Firmware » Version: N/A
cpe:2.3:o:cambium_networks:epmp_elevate_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Cambium Networks » Epmp Elevate » Version: N/A
Cambium Networks » Epmp 2000 Firmware » Version: N/A
cpe:2.3:o:cambium_networks:epmp_2000_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Cambium Networks » Epmp 2000 » Version: N/A
Cambium Networks » Epmp 1000 Hotspot Firmware » Version: N/A
cpe:2.3:o:cambium_networks:epmp_1000_hotspot_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Cambium Networks » Epmp 1000 Hotspot » Version: N/A