Vulnerability Details : CVE-2017-7918
Public exploit exists!
An Improper Access Control issue was discovered in Cambium Networks ePMP. After a valid user has used SNMP configuration export, an attacker is able to remotely trigger device configuration backups using specific MIBs. These backups lack proper access control and may allow access to sensitive information and possibly allow for configuration changes.
Vulnerability category: Bypass, Gain privilege
Exploit prediction scoring system (EPSS) score for CVE-2017-7918
Probability of exploitation activity in the next 30 days: 0.10%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 40 %
Metasploit modules for CVE-2017-7918
- Cambium ePMP 1000 SNMP Enumeration
  First seen: 2020-04-26
  Module: auxiliary/scanner/snmp/epmp1000_snmp_loot
  Cambium devices (ePMP, PMP, Force, & others) can be administered using SNMP. The device configuration contains IP addresses, keys, and passwords, amongst other information. This module uses SNMP to extract Cambium ePMP device configuration. On certain software versio
CVSS scores for CVE-2017-7918
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.0 | MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:P | 6.8 | 6.4 | NIST |
6.8 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L | 2.1 | 4.7 | NIST |
CWE ids for CVE-2017-7918
- The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
  Assigned by: nvd@nist.gov (Primary)
- The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
  Assigned by: ics-cert@hq.dhs.gov (Secondary)
References for CVE-2017-7918
- https://ics-cert.us-cert.gov/advisories/ICSA-17-166-01
  Cambium Networks ePMP | CISA
  Third Party Advisory; US Government Resource
- http://www.securityfocus.com/bid/99083
  Cambium Networks ePMP ICSA-17-166-01 Privilege Escalation and Access Bypass Vulnerabilities
  Third Party Advisory; US Government Resource
Products affected by CVE-2017-7918
- cpe:2.3:o:cambium_networks:epmp_1000_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:cambium_networks:epmp_elevate_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:cambium_networks:epmp_2000_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:cambium_networks:epmp_1000_hotspot_firmware:-:*:*:*:*:*:*:*