CVE-2017-5261 - OpenCVE

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to all authenticated users.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Cambiumnetworks	Cnpilot E600 Cnpilot E400 Cnpilot E410 Cnpilot R190v Firmware Cnpilot E600 Firmware Cnpilot E410 Firmware Cnpilot R190n Firmware Cnpilot E400 Firmware Cnpilot R190v Cnpilot R190n

Configuration 1 [-]

AND

cpe:2.3:o:cambiumnetworks:cnpilot_r190v_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cambiumnetworks:cnpilot_r190v:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:cambiumnetworks:cnpilot_e410_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cambiumnetworks:cnpilot_e410:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:cambiumnetworks:cnpilot_r190n_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cambiumnetworks:cnpilot_r190n:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:cambiumnetworks:cnpilot_e400_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cambiumnetworks:cnpilot_e400:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:cambiumnetworks:cnpilot_e600_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cambiumnetworks:cnpilot_e600:-:*:*:*:*:*:*:*

References

Link	Resource
https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: rapid7

Published: 2017-12-20T22:00:00

Updated: 2017-12-20T21:57:01

Reserved: 2017-01-09T00:00:00

Link: CVE-2017-5261

JSON object: View

NVD Information

Status : Modified

Published: 2017-12-20T22:29:00.603

Modified: 2019-10-09T23:28:16.840

Link: CVE-2017-5261

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "cnPilot", "vendor": "Cambium Networks", "versions": [{"status": "affected", "version": "4.3.2-R4 and prior"}]}], "datePublic": "2017-12-20T00:00:00", "descriptions": [{"lang": "en", "value": "In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to all authenticated users."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-472", "description": "CWE-472 (External Control of Assumed-Immutable Web Parameter)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2017-12-20T21:57:01", "orgId": "9974b330-7714-4307-a722-5648477acda7", "shortName": "rapid7"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@rapid7.com", "ID": "CVE-2017-5261", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "cnPilot", "version": {"version_data": [{"version_value": "4.3.2-R4 and prior"}]}}]}, "vendor_name": "Cambium Networks"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to all authenticated users."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-472 (External Control of Assumed-Immutable Web Parameter)"}]}]}, "references": {"reference_data": [{"name": "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/", "refsource": "MISC", "url": "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/"}]}}}}, "cveMetadata": {"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7", "assignerShortName": "rapid7", "cveId": "CVE-2017-5261", "datePublished": "2017-12-20T22:00:00", "dateReserved": "2017-01-09T00:00:00", "dateUpdated": "2017-12-20T21:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cambiumnetworks:cnpilot_r190v_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "87AFE671-F9B3-4FCE-B659-BF3EB3623A94", "versionEndIncluding": "4.3.2-r4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cambiumnetworks:cnpilot_r190v:-:*:*:*:*:*:*:*", "matchCriteriaId": "B7E6A303-C3EF-46EB-AE4B-C5236CA28B67", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cambiumnetworks:cnpilot_e410_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "02EB86EE-5DBE-4AFD-9A97-54064EF70B35", "versionEndIncluding": "4.3.2-r4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cambiumnetworks:cnpilot_e410:-:*:*:*:*:*:*:*", "matchCriteriaId": "74E7C383-DCE9-4A3B-A410-7C35B9AB2366", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cambiumnetworks:cnpilot_r190n_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1E4DDF69-A4C3-485E-9BB4-33C6322F5F18", "versionEndIncluding": "4.3.2-r4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cambiumnetworks:cnpilot_r190n:-:*:*:*:*:*:*:*", "matchCriteriaId": "BC5D1CBD-0489-4F54-B4A4-EDD1B2FE8A4D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cambiumnetworks:cnpilot_e400_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A7C6997D-FFDB-4490-9DDD-A7DAACD9431E", "versionEndIncluding": "4.3.2-r4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cambiumnetworks:cnpilot_e400:-:*:*:*:*:*:*:*", "matchCriteriaId": "FAFC8235-EF5B-4E8C-8FFD-A0A344C3DEBE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cambiumnetworks:cnpilot_e600_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C30EEBA-96E3-4382-9BE4-C5116EA66923", "versionEndIncluding": "4.3.2-r4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cambiumnetworks:cnpilot_e600:-:*:*:*:*:*:*:*", "matchCriteriaId": "E4D0A961-FA16-4151-ABA5-5F401ACE27FE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to all authenticated users."}, {"lang": "es", "value": "En versiones de firmware 4.3 2-R4 y anteriores de Cambium Networks cnPilot, las funciones 'ping' y 'traceroute' de la consola administrativa web exponen una vulnerabilidad de salto de directorio de archivo, accesible para todos los usuarios autenticados."}], "id": "CVE-2017-5261", "lastModified": "2019-10-09T23:28:16.840", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-12-20T22:29:00.603", "references": [{"source": "cve@rapid7.com", "tags": ["Third Party Advisory"], "url": "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/"}], "sourceIdentifier": "cve@rapid7.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-472"}], "source": "cve@rapid7.com", "type": "Secondary"}]}