VAR-201712-0213
Vulnerability from variot - Updated: 2023-12-18 14:05In version 3.5 and prior of Cambium Networks ePMP firmware, the non-administrative users 'installer' and 'home' have the capability of changing passwords for other accounts, including admin, after disabling a client-side protection mechanism. Cambium Networks ePMP Vulnerabilities related to authorization, permissions and access control exist in the firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. CambiumNetworksePMP is a wireless network access platform of Cambium Networks Inc. The platform provides features such as video surveillance, Wi-Fi hotspots and sensor connectivity. A security vulnerability exists in CambiumNetworksePMP using firmware versions 3.5 and earlier. This vulnerability stems from the fact that the installer and home accounts can change the passwords of other accounts. An attacker could exploit the vulnerability to bypass password changes in other accounts by bypassing the client protection mechanism
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201712-0213",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "epmp 2000",
"scope": "lte",
"trust": 1.0,
"vendor": "cambiumnetworks",
"version": "3.5"
},
{
"model": "epmp 1000",
"scope": "lte",
"trust": 1.0,
"vendor": "cambiumnetworks",
"version": "3.5"
},
{
"model": "epmp 1000",
"scope": null,
"trust": 0.8,
"vendor": "cambium",
"version": null
},
{
"model": "epmp 2000",
"scope": null,
"trust": 0.8,
"vendor": "cambium",
"version": null
},
{
"model": "networks epmp",
"scope": "lte",
"trust": 0.6,
"vendor": "cambium",
"version": "\u003c=3.5"
},
{
"model": "epmp 1000",
"scope": "eq",
"trust": 0.6,
"vendor": "cambiumnetworks",
"version": "3.5"
},
{
"model": "epmp 2000",
"scope": "eq",
"trust": 0.6,
"vendor": "cambiumnetworks",
"version": "3.5"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01046"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011727"
},
{
"db": "NVD",
"id": "CVE-2017-5254"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-413"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cambiumnetworks:epmp_1000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cambiumnetworks:epmp_1000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cambiumnetworks:epmp_2000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cambiumnetworks:epmp_2000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5254"
}
]
},
"cve": "CVE-2017-5254",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2017-5254",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2018-01046",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-113457",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-5254",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-5254",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-01046",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201701-413",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-113457",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01046"
},
{
"db": "VULHUB",
"id": "VHN-113457"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011727"
},
{
"db": "NVD",
"id": "CVE-2017-5254"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-413"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In version 3.5 and prior of Cambium Networks ePMP firmware, the non-administrative users \u0027installer\u0027 and \u0027home\u0027 have the capability of changing passwords for other accounts, including admin, after disabling a client-side protection mechanism. Cambium Networks ePMP Vulnerabilities related to authorization, permissions and access control exist in the firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. CambiumNetworksePMP is a wireless network access platform of Cambium Networks Inc. The platform provides features such as video surveillance, Wi-Fi hotspots and sensor connectivity. A security vulnerability exists in CambiumNetworksePMP using firmware versions 3.5 and earlier. This vulnerability stems from the fact that the installer and home accounts can change the passwords of other accounts. An attacker could exploit the vulnerability to bypass password changes in other accounts by bypassing the client protection mechanism",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5254"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011727"
},
{
"db": "CNVD",
"id": "CNVD-2018-01046"
},
{
"db": "VULHUB",
"id": "VHN-113457"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-5254",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011727",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201701-413",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-01046",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-113457",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01046"
},
{
"db": "VULHUB",
"id": "VHN-113457"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011727"
},
{
"db": "NVD",
"id": "CVE-2017-5254"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-413"
}
]
},
"id": "VAR-201712-0213",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01046"
},
{
"db": "VULHUB",
"id": "VHN-113457"
}
],
"trust": 1.6230769
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01046"
}
]
},
"last_update_date": "2023-12-18T14:05:37.179000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ePMP 1000",
"trust": 0.8,
"url": "https://www.cambiumnetworks.com/products/pmp-distribution/epmp-1000/"
},
{
"title": "ePMP 2000",
"trust": 0.8,
"url": "https://www.cambiumnetworks.com/products/pmp-distribution/epmp-2000/"
},
{
"title": "CambiumNetworksePMP client protection patch to bypass privilege escalation vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/113505"
},
{
"title": "Cambium Networks ePMP Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99619"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01046"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011727"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-413"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-269",
"trust": 1.1
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113457"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011727"
},
{
"db": "NVD",
"id": "CVE-2017-5254"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5254"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5254"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01046"
},
{
"db": "VULHUB",
"id": "VHN-113457"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011727"
},
{
"db": "NVD",
"id": "CVE-2017-5254"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-413"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-01046"
},
{
"db": "VULHUB",
"id": "VHN-113457"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011727"
},
{
"db": "NVD",
"id": "CVE-2017-5254"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-413"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-01046"
},
{
"date": "2017-12-20T00:00:00",
"db": "VULHUB",
"id": "VHN-113457"
},
{
"date": "2018-01-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011727"
},
{
"date": "2017-12-20T22:29:00.307000",
"db": "NVD",
"id": "CVE-2017-5254"
},
{
"date": "2017-01-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201701-413"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-01046"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-113457"
},
{
"date": "2018-01-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011727"
},
{
"date": "2019-10-09T23:28:15.870000",
"db": "NVD",
"id": "CVE-2017-5254"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201701-413"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201701-413"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cambium Networks ePMP Vulnerabilities related to authorization, authority, and access control in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011727"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201701-413"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…