ID

VAR-201712-0213


CVE

CVE-2017-5254


TITLE

Vulnerabilities related to authorization, permissions, and access control in Cambium Networks ePMP firmware

Trust: 0.8

sources: JVNDB: JVNDB-2017-011727

DESCRIPTION

In version 3.5 and prior of Cambium Networks ePMP firmware, the non-administrative users 'installer' and 'home' have the capability of changing passwords for other accounts, including admin, after disabling a client-side protection mechanism. Vulnerabilities related to authorization, permissions and access control exist in Cambium Networks ePMP firmware. Information may be obtained or altered, and service operation may be disrupted (DoS). Cambium Networks ePMP is a wireless network access platform of Cambium Networks Inc. The platform provides features such as video surveillance, Wi-Fi hotspots and sensor connectivity. A security vulnerability exists in Cambium Networks ePMP using firmware versions 3.5 and earlier. This vulnerability stems from the fact that the installer and home accounts can change the passwords of other accounts. An attacker could exploit the vulnerability to change the passwords of other accounts by bypassing the client-side protection mechanism.

Trust: 2.25

sources: NVD: CVE-2017-5254 // JVNDB: JVNDB-2017-011727 // CNVD: CNVD-2018-01046 // VULHUB: VHN-113457

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-01046

AFFECTED PRODUCTS

vendor: cambiumnetworks, model: epmp 2000, scope: lte, version: 3.5

Trust: 1.0

vendor: cambiumnetworks, model: epmp 1000, scope: lte, version: 3.5

Trust: 1.0

vendor: cambium, model: epmp 1000, scope: -, version: -

Trust: 0.8

vendor: cambium, model: epmp 2000, scope: -, version: -

Trust: 0.8

vendor: cambium, model: networks epmp, scope: lte, version: <=3.5

Trust: 0.6

vendor: cambiumnetworks, model: epmp 1000, scope: eq, version: 3.5

Trust: 0.6

vendor: cambiumnetworks, model: epmp 2000, scope: eq, version: 3.5

Trust: 0.6

sources: CNVD: CNVD-2018-01046 // JVNDB: JVNDB-2017-011727 // CNNVD: CNNVD-201701-413 // NVD: CVE-2017-5254

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-5254
value: HIGH

Trust: 1.0

NVD: CVE-2017-5254
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-01046
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201701-413
value: HIGH

Trust: 0.6

VULHUB: VHN-113457
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-5254
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-01046
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-113457
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-5254
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-01046 // VULHUB: VHN-113457 // JVNDB: JVNDB-2017-011727 // CNNVD: CNNVD-201701-413 // NVD: CVE-2017-5254

PROBLEMTYPE DATA

problemtype:CWE-269

Trust: 1.1

problemtype:CWE-284

Trust: 1.0

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-113457 // JVNDB: JVNDB-2017-011727 // NVD: CVE-2017-5254

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201701-413

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201701-413

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-011727

PATCH

title: ePMP 1000, url: https://www.cambiumnetworks.com/products/pmp-distribution/epmp-1000/

Trust: 0.8

title: ePMP 2000, url: https://www.cambiumnetworks.com/products/pmp-distribution/epmp-2000/

Trust: 0.8

title: Patch for Cambium Networks ePMP client protection bypass privilege escalation vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/113505

Trust: 0.6

title: Cambium Networks ePMP Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99619

Trust: 0.6

sources: CNVD: CNVD-2018-01046 // JVNDB: JVNDB-2017-011727 // CNNVD: CNNVD-201701-413

EXTERNAL IDS

db: NVD, id: CVE-2017-5254

Trust: 3.1

db: JVNDB, id: JVNDB-2017-011727

Trust: 0.8

db: CNNVD, id: CNNVD-201701-413

Trust: 0.7

db: CNVD, id: CNVD-2018-01046

Trust: 0.6

db: VULHUB, id: VHN-113457

Trust: 0.1

sources: CNVD: CNVD-2018-01046 // VULHUB: VHN-113457 // JVNDB: JVNDB-2017-011727 // CNNVD: CNNVD-201701-413 // NVD: CVE-2017-5254

REFERENCES

url: https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/

Trust: 3.1

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5254

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-5254

Trust: 0.8

sources: CNVD: CNVD-2018-01046 // VULHUB: VHN-113457 // JVNDB: JVNDB-2017-011727 // CNNVD: CNNVD-201701-413 // NVD: CVE-2017-5254

SOURCES

db: CNVD, id: CNVD-2018-01046
db: VULHUB, id: VHN-113457
db: JVNDB, id: JVNDB-2017-011727
db: CNNVD, id: CNNVD-201701-413
db: NVD, id: CVE-2017-5254

LAST UPDATE DATE

2024-11-23T21:40:07.639000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-01046, date: 2018-01-16T00:00:00
db: VULHUB, id: VHN-113457, date: 2019-10-09T00:00:00
db: JVNDB, id: JVNDB-2017-011727, date: 2018-01-25T00:00:00
db: CNNVD, id: CNNVD-201701-413, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2017-5254, date: 2024-11-21T03:27:22.360

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-01046, date: 2018-01-16T00:00:00
db: VULHUB, id: VHN-113457, date: 2017-12-20T00:00:00
db: JVNDB, id: JVNDB-2017-011727, date: 2018-01-25T00:00:00
db: CNNVD, id: CNNVD-201701-413, date: 2017-01-17T00:00:00
db: NVD, id: CVE-2017-5254, date: 2017-12-20T22:29:00.307