CVE-2017-7918
Last modified
CVE-2017-7918 is a vulnerability of currently unknown severity. An Improper Access Control issue was discovered in Cambium Networks ePMP. After a valid user has used SNMP configuration export, an attacker is able to remotely trigger device configuration backups using specific MIBs. EPSS estimates a 6.65% chance of exploitation in the next 30 days.
Description
An Improper Access Control issue was discovered in Cambium Networks ePMP. After a valid user has used SNMP configuration export, an attacker is able to remotely trigger device configuration backups using specific MIBs. These backups lack proper access control and may allow access to sensitive information and possibly allow for configuration changes.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cambium Networks | Epmp 1000 Firmware | All versions |
| Cambium Networks | Epmp Elevate Firmware | All versions |
| Cambium Networks | Epmp 2000 Firmware | All versions |
| Cambium Networks | Epmp 1000 Hotspot Firmware | All versions |
References
- http://www.securityfocus.com/bid/99083Third Party Advisory, US Government Resource
- https://ics-cert.us-cert.gov/advisories/ICSA-17-166-01Third Party Advisory, US Government Resource
- http://www.securityfocus.com/bid/99083Third Party Advisory, US Government Resource
- https://ics-cert.us-cert.gov/advisories/ICSA-17-166-01Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-7918?
How severe is CVE-2017-7918?
How do I fix CVE-2017-7918?
Are you affected by CVE-2017-7918?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST