var-201706-0664
Vulnerability from variot
An Improper Privilege Management issue was discovered in Cambium Networks ePMP. The privileges for SNMP community strings are not properly restricted, which may allow an attacker to gain access to sensitive information and possibly allow for configuration changes. Cambium Networks ePMP Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cambium Networks ePMP is a wireless network access platform from Cambium Networks of the United States. The platform provides features such as video surveillance, Wi-Fi hotspots and sensor connectivity. Exploiting these issues will allow attackers to bypass certain security restrictions and gain elevated privileges. Other attacks are also possible
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0664",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "epmp 1000 hotspot",
"scope": "eq",
"trust": 1.6,
"vendor": "cambium",
"version": null
},
{
"model": "epmp elevate",
"scope": "eq",
"trust": 1.6,
"vendor": "cambium",
"version": null
},
{
"model": "epmp 1000",
"scope": "eq",
"trust": 1.6,
"vendor": "cambium",
"version": null
},
{
"model": "epmp 2000",
"scope": "eq",
"trust": 1.6,
"vendor": "cambium",
"version": null
},
{
"model": "epmp 1000 hotspot",
"scope": null,
"trust": 0.8,
"vendor": "cambium",
"version": null
},
{
"model": "epmp 1000",
"scope": null,
"trust": 0.8,
"vendor": "cambium",
"version": null
},
{
"model": "epmp 2000",
"scope": null,
"trust": 0.8,
"vendor": "cambium",
"version": null
},
{
"model": "epmp elevate",
"scope": null,
"trust": 0.8,
"vendor": "cambium",
"version": null
},
{
"model": "networks epmp",
"scope": "eq",
"trust": 0.6,
"vendor": "cambium",
"version": "1000"
},
{
"model": "networks epmp",
"scope": "eq",
"trust": 0.3,
"vendor": "cambium",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "epmp 1000",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "epmp elevate",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "epmp 2000",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "epmp 1000 hotspot",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "7e18f705-06a8-4d57-9a91-41d9eb777ad5"
},
{
"db": "CNVD",
"id": "CNVD-2017-14371"
},
{
"db": "BID",
"id": "99083"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005033"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1048"
},
{
"db": "NVD",
"id": "CVE-2017-7922"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cambium_networks:epmp_1000_hotspot_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cambium_networks:epmp_1000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cambium_networks:epmp_2000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cambium_networks:epmp_elevate_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005033"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Karn Ganeshen",
"sources": [
{
"db": "BID",
"id": "99083"
}
],
"trust": 0.3
},
"cve": "CVE-2017-7922",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2017-7922",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2017-14371",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "7e18f705-06a8-4d57-9a91-41d9eb777ad5",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-116125",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2017-7922",
"impactScore": 4.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-7922",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-7922",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-14371",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-1048",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "7e18f705-06a8-4d57-9a91-41d9eb777ad5",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-116125",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7e18f705-06a8-4d57-9a91-41d9eb777ad5"
},
{
"db": "CNVD",
"id": "CNVD-2017-14371"
},
{
"db": "VULHUB",
"id": "VHN-116125"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005033"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1048"
},
{
"db": "NVD",
"id": "CVE-2017-7922"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Improper Privilege Management issue was discovered in Cambium Networks ePMP. The privileges for SNMP community strings are not properly restricted, which may allow an attacker to gain access to sensitive information and possibly allow for configuration changes. Cambium Networks ePMP Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cambium Networks ePMP is a wireless network access platform from Cambium Networks of the United States. The platform provides features such as video surveillance, Wi-Fi hotspots and sensor connectivity. \nExploiting these issues will allow attackers to bypass certain security restrictions and gain elevated privileges. Other attacks are also possible",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-7922"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005033"
},
{
"db": "CNVD",
"id": "CNVD-2017-14371"
},
{
"db": "BID",
"id": "99083"
},
{
"db": "IVD",
"id": "7e18f705-06a8-4d57-9a91-41d9eb777ad5"
},
{
"db": "VULHUB",
"id": "VHN-116125"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-7922",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-17-166-01",
"trust": 2.8
},
{
"db": "BID",
"id": "99083",
"trust": 2.6
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1048",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-14371",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005033",
"trust": 0.8
},
{
"db": "IVD",
"id": "7E18F705-06A8-4D57-9A91-41D9EB777AD5",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-116125",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7e18f705-06a8-4d57-9a91-41d9eb777ad5"
},
{
"db": "CNVD",
"id": "CNVD-2017-14371"
},
{
"db": "VULHUB",
"id": "VHN-116125"
},
{
"db": "BID",
"id": "99083"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005033"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1048"
},
{
"db": "NVD",
"id": "CVE-2017-7922"
}
]
},
"id": "VAR-201706-0664",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7e18f705-06a8-4d57-9a91-41d9eb777ad5"
},
{
"db": "CNVD",
"id": "CNVD-2017-14371"
},
{
"db": "VULHUB",
"id": "VHN-116125"
}
],
"trust": 1.79285713
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "7e18f705-06a8-4d57-9a91-41d9eb777ad5"
},
{
"db": "CNVD",
"id": "CNVD-2017-14371"
}
]
},
"last_update_date": "2024-11-23T22:30:46.512000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.cambiumnetworks.com/"
},
{
"title": "Cambium Networks ePMP Privilege Escalation Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/98072"
},
{
"title": "Cambium Networks ePMP Fixes for permissions and access control issues vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100393"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-14371"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005033"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1048"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-269",
"trust": 1.1
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-116125"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005033"
},
{
"db": "NVD",
"id": "CVE-2017-7922"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-166-01"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/99083"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7922"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7922"
},
{
"trust": 0.3,
"url": "http://www.cambiumnetworks.com/products/access/epmp-1000/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-14371"
},
{
"db": "VULHUB",
"id": "VHN-116125"
},
{
"db": "BID",
"id": "99083"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005033"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1048"
},
{
"db": "NVD",
"id": "CVE-2017-7922"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7e18f705-06a8-4d57-9a91-41d9eb777ad5"
},
{
"db": "CNVD",
"id": "CNVD-2017-14371"
},
{
"db": "VULHUB",
"id": "VHN-116125"
},
{
"db": "BID",
"id": "99083"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005033"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1048"
},
{
"db": "NVD",
"id": "CVE-2017-7922"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-13T00:00:00",
"db": "IVD",
"id": "7e18f705-06a8-4d57-9a91-41d9eb777ad5"
},
{
"date": "2017-07-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-14371"
},
{
"date": "2017-06-21T00:00:00",
"db": "VULHUB",
"id": "VHN-116125"
},
{
"date": "2017-06-14T00:00:00",
"db": "BID",
"id": "99083"
},
{
"date": "2017-07-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005033"
},
{
"date": "2017-04-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-1048"
},
{
"date": "2017-06-21T19:29:00.433000",
"db": "NVD",
"id": "CVE-2017-7922"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-14371"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-116125"
},
{
"date": "2017-06-14T00:00:00",
"db": "BID",
"id": "99083"
},
{
"date": "2017-07-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005033"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-1048"
},
{
"date": "2024-11-21T03:32:58.280000",
"db": "NVD",
"id": "CVE-2017-7922"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-1048"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cambium Networks ePMP Vulnerabilities related to authorization, permissions, and access control",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005033"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-1048"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…