CVE-2017-5260 (GCVE-0-2017-5260)
Vulnerability from cvelistv5
Published
2017-12-20 22:00
Modified
2024-08-05 14:55
Severity ?
CWE
  • CWE-472 - (External Control of Assumed-Immutable Web Parameter)
Summary
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, although the option to access the configuration file is not available in the normal web administrative console for the 'user' account, the configuration file is accessible via direct object reference (DRO) at http://<device-ip-or-hostname>/goform/down_cfg_file by this otherwise low privilege 'user' account.
References
Impacted products
Vendor Product Version
Cambium Networks cnPilot Version: 4.3.2-R4 and prior
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:55:35.713Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cnPilot",
          "vendor": "Cambium Networks",
          "versions": [
            {
              "status": "affected",
              "version": "4.3.2-R4 and prior"
            }
          ]
        }
      ],
      "datePublic": "2017-12-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, although the option to access the configuration file is not available in the normal web administrative console for the \u0027user\u0027 account, the configuration file is accessible via direct object reference (DRO) at http://\u003cdevice-ip-or-hostname\u003e/goform/down_cfg_file by this otherwise low privilege \u0027user\u0027 account."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-472",
              "description": "CWE-472 (External Control of Assumed-Immutable Web Parameter)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-20T21:57:01",
        "orgId": "9974b330-7714-4307-a722-5648477acda7",
        "shortName": "rapid7"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@rapid7.com",
          "ID": "CVE-2017-5260",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "cnPilot",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "4.3.2-R4 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cambium Networks"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, although the option to access the configuration file is not available in the normal web administrative console for the \u0027user\u0027 account, the configuration file is accessible via direct object reference (DRO) at http://\u003cdevice-ip-or-hostname\u003e/goform/down_cfg_file by this otherwise low privilege \u0027user\u0027 account."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-472 (External Control of Assumed-Immutable Web Parameter)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/",
              "refsource": "MISC",
              "url": "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
    "assignerShortName": "rapid7",
    "cveId": "CVE-2017-5260",
    "datePublished": "2017-12-20T22:00:00",
    "dateReserved": "2017-01-09T00:00:00",
    "dateUpdated": "2024-08-05T14:55:35.713Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-5260\",\"sourceIdentifier\":\"cve@rapid7.com\",\"published\":\"2017-12-20T22:29:00.557\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, although the option to access the configuration file is not available in the normal web administrative console for the \u0027user\u0027 account, the configuration file is accessible via direct object reference (DRO) at http://\u003cdevice-ip-or-hostname\u003e/goform/down_cfg_file by this otherwise low privilege \u0027user\u0027 account.\"},{\"lang\":\"es\",\"value\":\"En versiones de firmware 4.3 2-R4 y anteriores de Cambium Networks cnPilot, aunque la opci\u00f3n para acceder al archivo de configuraci\u00f3n no est\u00e1 disponible en la consola de administraci\u00f3n web normal para la cuenta \\\"user\\\", se puede acceder al archivo de configuraci\u00f3n mediante DRO (referencia de objeto directa) en http:///goform/down_cfg_file por esta cuenta \u0027user\u0027 de privilegios bajos.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":9.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cve@rapid7.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-472\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-732\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cambiumnetworks:cnpilot_r190v_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.3.2-r4\",\"matchCriteriaId\":\"87AFE671-F9B3-4FCE-B659-BF3EB3623A94\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cambiumnetworks:cnpilot_r190v:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7E6A303-C3EF-46EB-AE4B-C5236CA28B67\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cambiumnetworks:cnpilot_e410_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.3.2-r4\",\"matchCriteriaId\":\"02EB86EE-5DBE-4AFD-9A97-54064EF70B35\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cambiumnetworks:cnpilot_e410:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74E7C383-DCE9-4A3B-A410-7C35B9AB2366\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cambiumnetworks:cnpilot_r190n_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.3.2-r4\",\"matchCriteriaId\":\"1E4DDF69-A4C3-485E-9BB4-33C6322F5F18\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cambiumnetworks:cnpilot_r190n:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC5D1CBD-0489-4F54-B4A4-EDD1B2FE8A4D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cambiumnetworks:cnpilot_e400_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.3.2-r4\",\"matchCriteriaId\":\"A7C6997D-FFDB-4490-9DDD-A7DAACD9431E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cambiumnetworks:cnpilot_e400:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FAFC8235-EF5B-4E8C-8FFD-A0A344C3DEBE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cambiumnetworks:cnpilot_e600_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.3.2-r4\",\"matchCriteriaId\":\"9C30EEBA-96E3-4382-9BE4-C5116EA66923\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cambiumnetworks:cnpilot_e600:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4D0A961-FA16-4151-ABA5-5F401ACE27FE\"}]}]}],\"references\":[{\"url\":\"https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/\",\"source\":\"cve@rapid7.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.