Vulnerability Description
An Improper Access Control issue was discovered in Cambium Networks ePMP. After a valid user has used SNMP configuration export, an attacker is able to remotely trigger device configuration backups using specific MIBs. These backups lack proper access control and may allow access to sensitive information and possibly allow for configuration changes.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cambium Networks | Epmp 1000 Firmware | - |
| Cambium Networks | Epmp 1000 | - |
| Cambium Networks | Epmp Elevate Firmware | - |
| Cambium Networks | Epmp Elevate | - |
| Cambium Networks | Epmp 2000 Firmware | - |
| Cambium Networks | Epmp 2000 | - |
| Cambium Networks | Epmp 1000 Hotspot Firmware | - |
| Cambium Networks | Epmp 1000 Hotspot | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/99083Third Party AdvisoryUS Government Resource
- https://ics-cert.us-cert.gov/advisories/ICSA-17-166-01Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/99083Third Party AdvisoryUS Government Resource
- https://ics-cert.us-cert.gov/advisories/ICSA-17-166-01Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2017-7918?
CVE-2017-7918 is a vulnerability with a CVSS score of 6.8 (MEDIUM). An Improper Access Control issue was discovered in Cambium Networks ePMP. After a valid user has used SNMP configuration export, an attacker is able to remotely trigger device configuration backups us...
How severe is CVE-2017-7918?
CVE-2017-7918 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-7918?
Check the references section above for vendor advisories and patch information. Affected products include: Cambium Networks Epmp 1000 Firmware, Cambium Networks Epmp 1000, Cambium Networks Epmp Elevate Firmware, Cambium Networks Epmp Elevate, Cambium Networks Epmp 2000 Firmware.