Cambium Networks ePMP security update

Number: AV17-084
Date: 16 June 2017

Purpose

The purpose of this advisory is to bring attention to a Cambium Networks ePMP security update.

Assessment

Cambium Networks has released a product update addressing security issues for ePMP products. Successful exploitation of these vulnerabilities may allow an attacker to gain unauthorized access to and modify a device’s configuration.

Affected Products: ePMP Network Access Control Access controlCertifying that only authorized access is given to assets (both physical and electronic). For physical assets, access control may be required for a facility or restricted area (e.g. screening visitors and materials at entry points, escorting visitors). For IT assets, access controls may be required for networks, systems, and information (e.g. restricting users on specific systems, limiting account privileges). products (all models) version 3.4-RC6 and earlier

CVE References: CVE-2017-7918, CVE-2017-7922

Suggested action

CCIRC recommends that system administrators test and deploy the vendor released updates on affected platforms accordingly.

References

https://ics-cert.us-cert.gov/advisories/ICSA-17-166-01

Date modified: