CVE-2017-5261

Description

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to all authenticated users.

Related CPE's

ocambiumnetworkscnpilot_r190v_firmware********

hcambiumnetworkscnpilot_r190v-*******

ocambiumnetworkscnpilot_e410_firmware********

hcambiumnetworkscnpilot_e410-*******

ocambiumnetworkscnpilot_r190n_firmware********

hcambiumnetworkscnpilot_r190n-*******

ocambiumnetworkscnpilot_e400_firmware********

hcambiumnetworkscnpilot_e400-*******

ocambiumnetworkscnpilot_e600_firmware********

hcambiumnetworkscnpilot_e600-*******

References

https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/

Third Party Advisory

CvssV3 impact

BaseSeverity

HIGH

ConfidentialityImpact

HIGH

AttackComplexity

LOW

Scope

UNCHANGED

AttackVector

NETWORK

AvailabilityImpact

HIGH

IntegrityImpact

HIGH

PrivilegesRequired

LOW

BaseScore

8.8

VectorString

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Version

3.0

UserInteraction

NONE

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:L/Au:S/C:P/I:N/A:N

AccessVector

NETWORK

AccessComplexity

LOW

Authentication

SINGLE

ConfidentialityImpact

PARTIAL

IntegrityImpact

NONE

AvailabilityImpact

NONE

BaseScore

4

Created by Yello
About Severity.io