CVE-2017-5255

Опубликовано: 20 дек. 2017

Источник: nvd

CVSS3: 8.8

CVSS2: 9

EPSS Высокий

Описание

In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitation for certain parameters on the web management console allows any authenticated user (including the otherwise low-privilege readonly user) to inject shell meta-characters as part of a specially-crafted POST request to the get_chart function and run OS-level commands, effectively as root.

Ссылки

https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/
Third Party Advisory
https://www.exploit-db.com/exploits/43413/
Third Party Advisory
VDB Entry
https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/
Third Party Advisory
https://www.exploit-db.com/exploits/43413/
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:cambiumnetworks:epmp_1000_firmware:*:*:*:*:*:*:*:*

Версия до 3.5 (включая)

cpe:2.3:h:cambiumnetworks:epmp_1000:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:cambiumnetworks:epmp_2000_firmware:*:*:*:*:*:*:*:*

Версия до 3.5 (включая)

cpe:2.3:h:cambiumnetworks:epmp_2000:-:*:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.71417

Высокий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-x9r7-5gw2-pphx