Lucene search

K
cve[email protected]CVE-2017-5258
HistoryDec 20, 2017 - 10:29 p.m.

CVE-2017-5258

2017-12-2022:29:00
CWE-79
web.nvd.nist.gov
25
cve-2017-5258
cambium networks
epmp firmware
snmp
xss
configuration restore

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.3 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.0005 Low

EPSS

Percentile

17.5%

In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows or can guess the RW community string can provide a URL for a configuration file over SNMP with XSS strings in certain SNMP OIDs, serve it via HTTP, and the affected device will perform a configuration restore using the attacker’s supplied config file, including the inserted XSS strings.

Affected configurations

NVD
Node
cambiumnetworksepmp_1000_firmwareRange3.5
AND
cambiumnetworksepmp_1000Match-
Node
cambiumnetworksepmp_2000_firmwareRange3.5
AND
cambiumnetworksepmp_2000Match-

CNA Affected

[
  {
    "product": "ePMP",
    "vendor": "Cambium Networks",
    "versions": [
      {
        "status": "affected",
        "version": "3.5 and prior"
      }
    ]
  }
]

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.3 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.0005 Low

EPSS

Percentile

17.5%

Related for CVE-2017-5258