mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 17:21:36 +00:00
239 lines
6.6 KiB
JSON
239 lines
6.6 KiB
JSON
{
|
|
"id": "CVE-2017-5261",
|
|
"sourceIdentifier": "cve@rapid7.con",
|
|
"published": "2017-12-20T22:29:00.603",
|
|
"lastModified": "2019-10-09T23:28:16.840",
|
|
"vulnStatus": "Modified",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to all authenticated users."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "En versiones de firmware 4.3 2-R4 y anteriores de Cambium Networks cnPilot, las funciones 'ping' y 'traceroute' de la consola administrativa web exponen una vulnerabilidad de salto de directorio de archivo, accesible para todos los usuarios autenticados."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV30": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.0",
|
|
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "LOW",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 8.8,
|
|
"baseSeverity": "HIGH"
|
|
},
|
|
"exploitabilityScore": 2.8,
|
|
"impactScore": 5.9
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "SINGLE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 4.0
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 8.0,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-22"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"source": "cve@rapid7.con",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-472"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cambiumnetworks:cnpilot_r190v_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "4.3.2-r4",
|
|
"matchCriteriaId": "87AFE671-F9B3-4FCE-B659-BF3EB3623A94"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cambiumnetworks:cnpilot_r190v:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B7E6A303-C3EF-46EB-AE4B-C5236CA28B67"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cambiumnetworks:cnpilot_e410_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "4.3.2-r4",
|
|
"matchCriteriaId": "02EB86EE-5DBE-4AFD-9A97-54064EF70B35"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cambiumnetworks:cnpilot_e410:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "74E7C383-DCE9-4A3B-A410-7C35B9AB2366"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cambiumnetworks:cnpilot_r190n_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "4.3.2-r4",
|
|
"matchCriteriaId": "1E4DDF69-A4C3-485E-9BB4-33C6322F5F18"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cambiumnetworks:cnpilot_r190n:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "BC5D1CBD-0489-4F54-B4A4-EDD1B2FE8A4D"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cambiumnetworks:cnpilot_e400_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "4.3.2-r4",
|
|
"matchCriteriaId": "A7C6997D-FFDB-4490-9DDD-A7DAACD9431E"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cambiumnetworks:cnpilot_e400:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "FAFC8235-EF5B-4E8C-8FFD-A0A344C3DEBE"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cambiumnetworks:cnpilot_e600_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "4.3.2-r4",
|
|
"matchCriteriaId": "9C30EEBA-96E3-4382-9BE4-C5116EA66923"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cambiumnetworks:cnpilot_e600:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E4D0A961-FA16-4151-ABA5-5F401ACE27FE"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/",
|
|
"source": "cve@rapid7.con",
|
|
"tags": [
|
|
"Third Party Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |