{"containers": {"cna": {"affected": [{"product": "Cambium Networks ePMP", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cambium Networks ePMP"}]}], "datePublic": "2017-06-21T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "An Improper Privilege Management issue was discovered in Cambium Networks ePMP. The privileges for SNMP community strings are not properly restricted, which may allow an attacker to gain access to sensitive information and possibly allow for configuration changes."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "description": "CWE-269", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2017-06-22T09:57:01.000Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"name": "99083", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/99083"}, {"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-166-01"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2017-7922", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cambium Networks ePMP", "version": {"version_data": [{"version_value": "Cambium Networks ePMP"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An Improper Privilege Management issue was discovered in Cambium Networks ePMP. The privileges for SNMP community strings are not properly restricted, which may allow an attacker to gain access to sensitive information and possibly allow for configuration changes."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-269"}]}]}, "references": {"reference_data": [{"name": "99083", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99083"}, {"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-166-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-166-01"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T16:19:29.327Z"}, "title": "CVE Program Container", "references": [{"name": "99083", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/99083"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-166-01"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2017-7922", "datePublished": "2017-06-21T19:00:00.000Z", "dateReserved": "2017-04-18T00:00:00.000Z", "dateUpdated": "2024-08-05T16:19:29.327Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cambium_networks:epmp_1000_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0F8AFE87-7DE5-4D09-AC45-DDD967939A37", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cambium_networks:epmp_1000:-:*:*:*:*:*:*:*", "matchCriteriaId": "A64386E5-D470-4D75-8DBC-1686285BE06F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cambium_networks:epmp_elevate_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "E1A9AA7F-3427-412B-A3D1-0F48E5FD3394", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cambium_networks:epmp_elevate:-:*:*:*:*:*:*:*", "matchCriteriaId": "44737752-57D7-4DB3-B9F4-D7E52189F511", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cambium_networks:epmp_2000_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "8B140BE5-6FD1-4588-839E-461658EC851D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cambium_networks:epmp_2000:-:*:*:*:*:*:*:*", "matchCriteriaId": "51C390E5-C5B7-449A-AFA1-8C746F08D7C6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cambium_networks:epmp_1000_hotspot_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "462EBA74-3C0D-427D-8993-BAC5383D8AF9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cambium_networks:epmp_1000_hotspot:-:*:*:*:*:*:*:*", "matchCriteriaId": "AC142E94-06B3-4C18-A281-042B66AAB51E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An Improper Privilege Management issue was discovered in Cambium Networks ePMP. The privileges for SNMP community strings are not properly restricted, which may allow an attacker to gain access to sensitive information and possibly allow for configuration changes."}, {"lang": "es", "value": "Se ha descubierto un problema de gesti\u00f3n incorrecta de privilegios en Cambium Networks ePMP. Los privilegios de las cadenas de comunidad SNMP no se restringen correctamente, lo que podr\u00eda permitir que un atacante obtenga acceso a informaci\u00f3n sensible y, posiblemente, permitir cambios en la configuraci\u00f3n."}], "id": "CVE-2017-7922", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 4.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-06-21T19:29:00.433", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.securityfocus.com/bid/99083"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-166-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.securityfocus.com/bid/99083"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-166-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-269"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}