Main Vulnerability Database Exploits ID:59 - Exploit for Information disclosure in ePMP - CVE-2017-7918

ID:59 - Exploit for Information disclosure in ePMP - CVE-2017-7918

Published: March 18, 2020

Vulnerability identifier: #VU7133

Vulnerability risk: Low

CVE-ID: CVE-2017-7918

CWE-ID: CWE-284

Exploitation vector: Remote access

Vulnerable software:
ePMP

Link to public exploit:

https://www.rapid7.com/db/modules/auxiliary/scanner/snmp/epmp1000_snmp_loot

Vulnerability description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to insufficient access control. A remote attacker can use specific MIBs, trigger device configuration backups after a valid user has used SNMP configuration export, gain access to sensitive information and possibly change configuration.

Successful exploitation of the vulnerability results in information disclosure.

Remediation

Update to version 3.4-RC7 or later.

ID:59 - Exploit for Information disclosure in ePMP - CVE-2017-7918

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human