CVE-2017-5259
Published 2017-12-20
CVE-2017-5259: In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path…
Priority: P1 · 83 · high · 8.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 39.18% (98.4th percentile)
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https://<device-ip-or-hostname>/adm/syscmd.asp.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cambium_networks | cnpilot | — | — |
| cambiumnetworks | cnpilot_e400_firmware | <= 4.3.2-r4 | — |
| cambiumnetworks | cnpilot_e410_firmware | <= 4.3.2-r4 | — |
| cambiumnetworks | cnpilot_e600_firmware | <= 4.3.2-r4 | — |
| cambiumnetworks | cnpilot_r190n_firmware | <= 4.3.2-r4 | — |
| cambiumnetworks | cnpilot_r190v_firmware | <= 4.3.2-r4 | — |
| cron_project | cron | >= 0 < 3.0pl1-128.1ubuntu1.1 | 3.0pl1-128.1ubuntu1.1 |
| cron_project | cron | >= 0 < 3.0pl1-128.1ubuntu1.2 | 3.0pl1-128.1ubuntu1.2 |
| cron_project | cron | >= 0 < 3.0pl1-128ubuntu2+esm2 | 3.0pl1-128ubuntu2+esm2 |
Detection & IOCs (extracted from sources)
- Detect HTTP requests to the undocumented web shell path /adm/syscmd.asp on Cambium cnPilot devices, which provides root-privilege command execution to any authenticated user.
- Flag any authenticated HTTP access to /adm/syscmd.asp on cnPilot r200/r201 devices running firmware versions 4.2.3-R4 through 4.3.3-R4 as exploitation of the backdoor shell.
- Monitor for arbitrary OS command execution originating from the web shell path /adm/syscmd.asp running as root on Cambium cnPilot devices.
- The backdoor shell is accessible to ANY authenticated user, not just administrators; authentication alone is insufficient as a control boundary.
- Affected firmware version range spans 4.2.3-R4 to 4.3.3-R4 per Metasploit module, while NVD states 4.3.2-R4 and prior; detections should cover the broader range.
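CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:S/C:C/I:C/A:C |
| osv | | 6.7 | MEDIUM | |
| vulncheck | | 8.8 | HIGH | |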
GHSA
GHSA-pvcw-q9rv-w4v9: In versions 4
ghsa_unreviewed·2022-05-13
CVE-2017-5259 [HIGH] CWE-319 GHSA-pvcw-q9rv-w4v9: In versions 4
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https://<device-ip-or-hostname>/adm/syscmd.asp.
OSV
cron regression
osv·2022-05-11·CVSS 6.7
CVE-2017-9525 cron regression
USN-5259-1 and USN-5259-2 fixed vulnerabilities in Cron. Unfortunately
that update was incomplete and could introduce a regression. This update
fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that the postinst maintainer script in Cron unsafely
handled file permissions during package install or update operations.
An attacker could possibly use this issue to perform a privilege
escalation attack. (CVE-2017-9525)
Florian Weimer discovered that Cron incorrectly handled certain memory
operations during crontab file creation. An attacker could possibly use
this issue to cause a denial of service. (CVE-2019-9704)
It was discovered that Cron incorrectly handled user input during crontab
file creation. An attacker could poss
OSV
cron vulnerabilities
osv·2022-05-06·CVSS 6.7
CVE-2017-9525 cron vulnerabilities
USN-5259-1 fixed several vulnerabilities in Cron. This update provides
the corresponding update for Ubuntu 18.04 LTS.
Original advisory details:
It was discovered that the postinst maintainer script in Cron unsafely
handled file permissions during package install or update operations.
An attacker could possibly use this issue to perform a privilege
escalation attack. (CVE-2017-9525)
Florian Weimer discovered that Cron incorrectly handled certain memory
operations during crontab file creation. An attacker could possibly use
this issue to cause a denial of service. (CVE-2019-9704)
It was discovered that Cron incorrectly handled user input during crontab
file creation. An attacker could possibly use this issue to cause a denial
of service. (CVE-2019-9705)
It was dis
VulnCheck
cambiumnetworks cnpilot_r190v_firmware Active Debug Code
vulncheck·2017·CVSS 8.8
CVE-2017-5259 [HIGH] cambiumnetworks cnpilot_r190v_firmware Active Debug Code
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https://<device-ip-or-hostname>/adm/syscmd.asp.
Affected: cambiumnetworks cnpilot_r190v_firmware
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://blog.xlab.qianxin.com/mirai-tbot-en/; https://blog.xlab.qianxin.com/catddos-derivative-en/; https://blog.xlab.qianxin.com/gayfemboy-en/; https://blog.xlab.qianxin.com/large-scale-botnet-airashi-en/; https://blog.xlab.qianxin.com/super-large-scale-botnet-aisuru-en/
No detection rules found.
No writeups or analysis indexed.