6.8
CVE-2017-7918
- EPSS 6.65%
- Veröffentlicht 21.06.2017 19:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginAn Improper Access Control issue was discovered in Cambium Networks ePMP. After a valid user has used SNMP configuration export, an attacker is able to remotely trigger device configuration backups using specific MIBs. These backups lack proper access control and may allow access to sensitive information and possibly allow for configuration changes.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cambium Networks ≫ Epmp 1000 Firmware Version-
Cambium Networks ≫ Epmp Elevate Firmware Version-
Cambium Networks ≫ Epmp 2000 Firmware Version-
Cambium Networks ≫ Epmp 1000 Hotspot Firmware Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 6.65% | 0.93 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 2.1 | 4.7 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L
|
| nvd@nist.gov | 6 | 6.8 | 6.4 |
AV:N/AC:M/Au:S/C:P/I:P/A:P
|
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
http://www.securityfocus.com/bid/99083
https://ics-cert.us-cert.gov/advisories/ICSA-17-166-01