Details of VAR-201706-0664

ID

VAR-201706-0664

CVE

CVE-2017-7922

TITLE

Cambium Networks ePMP Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2017-005033

DESCRIPTION

An Improper Privilege Management issue was discovered in Cambium Networks ePMP. The privileges for SNMP community strings are not properly restricted, which may allow an attacker to gain access to sensitive information and possibly allow for configuration changes. Cambium Networks ePMP Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cambium Networks ePMP is a wireless network access platform from Cambium Networks of the United States. The platform provides features such as video surveillance, Wi-Fi hotspots and sensor connectivity. Exploiting these issues will allow attackers to bypass certain security restrictions and gain elevated privileges. Other attacks are also possible

Trust: 2.7

sources: NVD: CVE-2017-7922 // JVNDB: JVNDB-2017-005033 // CNVD: CNVD-2017-14371 // BID: 99083 // IVD: 7e18f705-06a8-4d57-9a91-41d9eb777ad5 // VULHUB: VHN-116125

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 7e18f705-06a8-4d57-9a91-41d9eb777ad5 // CNVD: CNVD-2017-14371

AFFECTED PRODUCTS

vendor:	cambium	model:	epmp 1000 hotspot	scope:	eq	version:	-	Trust: 1.6
vendor:	cambium	model:	epmp elevate	scope:	eq	version:	-	Trust: 1.6
vendor:	cambium	model:	epmp 1000	scope:	eq	version:	-	Trust: 1.6
vendor:	cambium	model:	epmp 2000	scope:	eq	version:	-	Trust: 1.6
vendor:	cambium	model:	epmp 1000 hotspot	scope:	-	version:	-	Trust: 0.8
vendor:	cambium	model:	epmp 1000	scope:	-	version:	-	Trust: 0.8
vendor:	cambium	model:	epmp 2000	scope:	-	version:	-	Trust: 0.8
vendor:	cambium	model:	epmp elevate	scope:	-	version:	-	Trust: 0.8
vendor:	cambium	model:	networks epmp	scope:	eq	version:	1000	Trust: 0.6
vendor:	cambium	model:	networks epmp	scope:	eq	version:	0	Trust: 0.3
vendor:	epmp 1000	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	epmp elevate	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	epmp 2000	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	epmp 1000 hotspot	model:	-	scope:	eq	version:	-	Trust: 0.2

sources: IVD: 7e18f705-06a8-4d57-9a91-41d9eb777ad5 // CNVD: CNVD-2017-14371 // BID: 99083 // JVNDB: JVNDB-2017-005033 // CNNVD: CNNVD-201704-1048 // NVD: CVE-2017-7922

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-7922
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-7922
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-14371
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201704-1048
value:	HIGH
Trust: 0.6
IVD:	7e18f705-06a8-4d57-9a91-41d9eb777ad5
value:	HIGH
Trust: 0.2
VULHUB:	VHN-116125
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-7922
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-14371
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	7e18f705-06a8-4d57-9a91-41d9eb777ad5
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-116125
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-7922
baseSeverity:	HIGH
baseScore:	7.6
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	2.8
impactScore:	4.7
version:	3.0
Trust: 1.8

sources: IVD: 7e18f705-06a8-4d57-9a91-41d9eb777ad5 // CNVD: CNVD-2017-14371 // VULHUB: VHN-116125 // JVNDB: JVNDB-2017-005033 // CNNVD: CNNVD-201704-1048 // NVD: CVE-2017-7922

PROBLEMTYPE DATA

problemtype:	CWE-269	Trust: 1.1
problemtype:	CWE-264	Trust: 0.9

sources: VULHUB: VHN-116125 // JVNDB: JVNDB-2017-005033 // NVD: CVE-2017-7922

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-1048

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201704-1048

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-005033

PATCH

title:	Top Page	url:	http://www.cambiumnetworks.com/	Trust: 0.8
title:	Cambium Networks ePMP Privilege Escalation Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/98072	Trust: 0.6
title:	Cambium Networks ePMP Fixes for permissions and access control issues vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100393	Trust: 0.6

sources: CNVD: CNVD-2017-14371 // JVNDB: JVNDB-2017-005033 // CNNVD: CNNVD-201704-1048

EXTERNAL IDS

db:	NVD	id:	CVE-2017-7922	Trust: 3.6
db:	ICS CERT	id:	ICSA-17-166-01	Trust: 2.8
db:	BID	id:	99083	Trust: 2.6
db:	CNNVD	id:	CNNVD-201704-1048	Trust: 0.9
db:	CNVD	id:	CNVD-2017-14371	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-005033	Trust: 0.8
db:	IVD	id:	7E18F705-06A8-4D57-9A91-41D9EB777AD5	Trust: 0.2
db:	VULHUB	id:	VHN-116125	Trust: 0.1

sources: IVD: 7e18f705-06a8-4d57-9a91-41d9eb777ad5 // CNVD: CNVD-2017-14371 // VULHUB: VHN-116125 // BID: 99083 // JVNDB: JVNDB-2017-005033 // CNNVD: CNNVD-201704-1048 // NVD: CVE-2017-7922

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-17-166-01	Trust: 2.8
url:	http://www.securityfocus.com/bid/99083	Trust: 2.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7922	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-7922	Trust: 0.8
url:	http://www.cambiumnetworks.com/products/access/epmp-1000/	Trust: 0.3

sources: CNVD: CNVD-2017-14371 // VULHUB: VHN-116125 // BID: 99083 // JVNDB: JVNDB-2017-005033 // CNNVD: CNNVD-201704-1048 // NVD: CVE-2017-7922

CREDITS

Karn Ganeshen

Trust: 0.3

sources: BID: 99083

SOURCES

db:	IVD	id:	7e18f705-06a8-4d57-9a91-41d9eb777ad5
db:	CNVD	id:	CNVD-2017-14371
db:	VULHUB	id:	VHN-116125
db:	BID	id:	99083
db:	JVNDB	id:	JVNDB-2017-005033
db:	CNNVD	id:	CNNVD-201704-1048
db:	NVD	id:	CVE-2017-7922

LAST UPDATE DATE

2025-04-20T23:16:06.873000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-14371	date:	2017-07-13T00:00:00
db:	VULHUB	id:	VHN-116125	date:	2019-10-09T00:00:00
db:	BID	id:	99083	date:	2017-06-14T00:00:00
db:	JVNDB	id:	JVNDB-2017-005033	date:	2017-07-13T00:00:00
db:	CNNVD	id:	CNNVD-201704-1048	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-7922	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	IVD	id:	7e18f705-06a8-4d57-9a91-41d9eb777ad5	date:	2017-07-13T00:00:00
db:	CNVD	id:	CNVD-2017-14371	date:	2017-07-13T00:00:00
db:	VULHUB	id:	VHN-116125	date:	2017-06-21T00:00:00
db:	BID	id:	99083	date:	2017-06-14T00:00:00
db:	JVNDB	id:	JVNDB-2017-005033	date:	2017-07-13T00:00:00
db:	CNNVD	id:	CNNVD-201704-1048	date:	2017-04-21T00:00:00
db:	NVD	id:	CVE-2017-7922	date:	2017-06-21T19:29:00.433