CVE-2017-5254 : In version 3.5 and prior of Cambium Networks ePMP firmware, the non-administrati

In version 3.5 and prior of Cambium Networks ePMP firmware, the non-administrative users 'installer' and 'home' have the capability of changing passwords for other accounts, including admin, after disabling a client-side protection mechanism.

Published 2017-12-20 22:29:00

Updated 2019-10-09 23:28:16

Source Rapid7, Inc.

View at NVD, CVE.org

Vulnerability category: BypassGain privilege

Products affected by CVE-2017-5254

Cambiumnetworks » Epmp 1000 Firmware
Versions up to, including, (<=) 3.5
cpe:2.3:o:cambiumnetworks:epmp_1000_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Cambiumnetworks » Epmp 1000 » Version: N/A
Cambiumnetworks » Epmp 2000 Firmware
Versions up to, including, (<=) 3.5
cpe:2.3:o:cambiumnetworks:epmp_2000_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Cambiumnetworks » Epmp 2000 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2017-5254

EPSS FAQ

68.45%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 98 %

Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2017-5254

Cambium ePMP 1000 Account Password Reset

First seen: 2020-04-26

auxiliary/scanner/http/epmp1000_reset_pass

This module exploits an access control vulnerability in Cambium ePMP device management portal. It requires any one of the following non-admin login credentials - installer/installer, home/home - to reset password of other existing user(s) including 'admin'. A

More information

CVSS scores for CVE-2017-5254

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.0	HIGH	AV:N/AC:L/Au:S/C:C/I:C/A:C	8.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
8.8	HIGH	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2017-5254

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Assigned by: nvd@nist.gov (Primary)
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Assigned by: cve@rapid7.con (Secondary)

References for CVE-2017-5254

https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/

R7-2017-25: Cambium ePMP and cnPilot Multiple Vulnerabilities
Third Party Advisory;VDB Entry

CVEs referencing this url

Jump to