CVE-2023-31280
Vulnerability from cvelistv5
Published
2024-12-20 23:41
Modified
2024-12-20 23:41
Severity ?
EPSS score ?
Summary
An AirVantage online Warranty Checker tool vulnerability could allow an attacker to
perform bulk enumeration of IMEI and Serial Numbers pairs. The AirVantage Warranty Checker is updated to no longer return the IMEI and Serial
Number in addition to the warranty status when the Serial Number or IMEI is used to look up
warranty status.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Sierra Wireless | AirVantage, AirVantage-Capable Devices: All Sierra Wireless devices. |
Version: All Sierra Wireless devices. |
|
|
|||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AirVantage, AirVantage-Capable Devices: All Sierra Wireless devices.",
"vendor": "Sierra Wireless",
"versions": [
{
"status": "affected",
"version": "All Sierra Wireless devices.",
"versionType": "Custom"
}
]
}
],
"datePublic": "2023-05-12T22:28:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An AirVantage online Warranty Checker tool vulnerability could allow an attacker to \nperform bulk enumeration of IMEI and Serial Numbers pairs. The AirVantage Warranty Checker is updated to no longer return the IMEI and Serial \nNumber in addition to the warranty status when the Serial Number or IMEI is used to look up \nwarranty status."
}
],
"value": "An AirVantage online Warranty Checker tool vulnerability could allow an attacker to \nperform bulk enumeration of IMEI and Serial Numbers pairs. The AirVantage Warranty Checker is updated to no longer return the IMEI and Serial \nNumber in addition to the warranty status when the Serial Number or IMEI is used to look up \nwarranty status."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Availability of IMEI and Serial Numbers pairs."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-20T23:41:22.070Z",
"orgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"shortName": "SWI"
},
"references": [
{
"url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-002/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Exposure of Sensitive Information to an Unauthorized Actor",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"assignerShortName": "SWI",
"cveId": "CVE-2023-31280",
"datePublished": "2024-12-20T23:41:22.070Z",
"dateReserved": "2023-04-26T19:52:55.324Z",
"dateUpdated": "2024-12-20T23:41:22.070Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2023-31280\",\"sourceIdentifier\":\"security@sierrawireless.com\",\"published\":\"2024-12-21T00:15:27.603\",\"lastModified\":\"2024-12-21T00:15:27.603\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An AirVantage online Warranty Checker tool vulnerability could allow an attacker to \\nperform bulk enumeration of IMEI and Serial Numbers pairs. The AirVantage Warranty Checker is updated to no longer return the IMEI and Serial \\nNumber in addition to the warranty status when the Serial Number or IMEI is used to look up \\nwarranty status.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@sierrawireless.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security@sierrawireless.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"references\":[{\"url\":\"https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-002/\",\"source\":\"security@sierrawireless.com\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.