GRI

ICS Advisory: Cambium ePMP 5GHz Force 300-25 Radio

News Cybersecurity English Guidance
Date: 14th Dec, 2023 Source: Cybersecurity and Infrastructure Security Agency Country: USA Original Source

Brief

Summary:

A vulnerability has been identified in the Cambium ePMP Force 300-25 radio, version 4.7.0.1, which could allow an attacker to perform remote code execution and gain root privileges. The vulnerability, rated CVSS v3 7.8, is a code injection weakness (CWE-94) that allows an attacker to inject malicious code. The affected product is used in critical infrastructure sectors, such as communications, and is deployed worldwide. The vendor, Cambium, has not responded to requests to work with CISA to mitigate the vulnerability, and users are advised to take defensive measures to minimize the risk of exploitation.

View CSAF

1. EXECUTIVE SUMMARY

  • CVSS v3 7.8
  • ATTENTION: Low attack complexity
  • Vendor: Cambium
  • Equipment: ePMP Force 300-25
  • Vulnerability: Code Injection

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to perform remote code execution on the affected product.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of Cambium ePMP Force 300-25 radio are affected:

  • ePMP Force 300-25: version 4.7.0.1

3.2 Vulnerability Overview

3.2.1 IMPROPER CONTROL OF GENERATION OF CODE (‘CODE INJECTION’) CWE-94

Cambium ePMP Force 300-25 version 4.7.0.1 is vulnerable to a code injection vulnerability that could allow an attacker to perform remote code execution and gain root privileges.

CVE-2023-6691 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Communications
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: United States

3.4 RESEARCHER

Madalin Zabava reported this vulnerability to CISA.

4. MITIGATIONS

Cambium has not responded to requests to work with CISA to mitigate this vulnerability. Users of affected versions of ePMP Force 300-25 are invited to contact Cambium customer support for additional information.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
  • Locate control system networks and remote devices behind firewalls and isolating them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.
  • Exercise principles of least privilege.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.

5. UPDATE HISTORY

  • December 14, 2023: Initial Publication

Highlights content goes here...

Summary:

The Cambium ePMP Force 300-25 Radio is vulnerable to a code injection vulnerability, which could allow an attacker to perform remote code execution and gain root privileges. According to the Common Vulnerability Scoring System (CVSS v3), the vulnerability has a base score of 7.8, indicating a high severity level.

The affected product is the ePMP Force 300-25 radio, version 4.7.0.1, which is used in critical infrastructure sectors such as Communications worldwide. The vulnerability was reported by Madalin Zabava to the Cybersecurity and Infrastructure Security Agency (CISA) and has been assigned the CVE-2023-6691 identifier.

The vulnerability is characterized as having low attack complexity, and according to CISA, there is no known public exploitation specifically targeting this vulnerability at this time. However, the agency recommends that users take defensive measures to minimize the risk of exploitation, including:

Minimizing network exposure for all control system devices and/or systems
 Locating control system networks and remote devices behind firewalls and isolating them from business networks
Using more secure methods for remote access, such as Virtual Private Networks (VPNs)
 Exercising principles of least privilege

CISA has not been able to work with Cambium to mitigate this vulnerability, and users are encouraged to contact Cambium customer support for additional information. The agency also provides additional mitigation guidance and recommended practices on its website for organizations to implement proactive defense strategies.

Overall, this vulnerability highlights the importance of regular security updates and patches, as well as the importance of implementing defensive measures to minimize the risk of exploitation.

Cybersecurity and Infrastructure Security Agency

Quick Insight
RADA.AI
RADA.AI
Hello! I'm RADA.AI - Regulatory Analysis and Decision Assistance. Your Intelligent guide for compliance and decision-making. How can i assist you today?
Suggested
Related Documents
Reviewed supervisors overall applied the EBA’s recommendations on tax integrity and dividend arbitrage trading schemes, the EBA Report finds
Date: 6th Feb, 2025 Source: European Banking Authority (EBA) Country: European Union
News Tax & Compliance Guidance
CH403260 – Calculating penalties: special reduction: when to consider Special Reduction
Date: 6th Feb, 2025 Source: Her Majesty’s Revenue and Customs (HMRC) Country: United Kingdom
News Tax & Compliance Guidance
VAT Partial Exemption Guidance
Date: 6th Feb, 2025 Source: Her Majesty’s Revenue and Customs (HMRC) Country: United Kingdom
News Tax & Compliance Guidance

Form successfully submitted. One of our GRI rep will contact you shortly

Thanking You!

Click here

Enter your Email

Enter your registered username/email id.

Enter your Email

Enter your email id below to signup.

Enter your Email

Enter your email id below to signup.
Individual Plan
  • Designed for Growing Compliance Teams
$125 / month OR $1250 / year
Features
  • • Coverage for 20 jurisdictions
  • • Monitoring from 500+ regulatory authorities
  • • AI compliance summaries
  • • RaDa.ai : Single-Role
Best for: Researchers, Legal professionals, Academics
Subscribe Now
Enterprise Plan
  • Perfect for Global Enterprises
Contact for Pricing
Features
  • • Custom jurisdictional coverage
  • • Custom monitoring of regulatory authorities
  • • RaDa.ai : Customizable multi-role
  • • Custom reporting and dashboard capabilities
  • • API access for seamless integration
Best for: Law Firms, Corporations, Government Bodies
Contact Sales