cvelistv5 - cve-2017-6044

CVE-2017-6044 (GCVE-0-2017-6044)

Vulnerability from cvelistv5 – Published: 2017-06-30 02:35 – Updated: 2024-08-05 15:18

Summary

Severity ?

No CVSS data available.

CWE

CWE-285

Assigner

icscert

References

URL

	Vendor	Product	Version
	n/a	Sierra Wireless AirLink Raven XE and XT	Affected: Sierra Wireless AirLink Raven XE and XT

ICSA-17-115-02

Vulnerability from csaf_cisa - Published: 2017-04-25 00:00 - Updated: 2017-04-25 00:00

Summary

Sierra Wireless AirLink Raven XE and XT

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

ATTENTION: Remotely exploitable/low skill level to exploit. Public exploits are available.

Countries/areas deployed

Worldwide

Company headquarters location

British Columbia, Canada

Recommended Practices

NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:

Recommended Practices

ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available in the ICS -CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.

Recommended Practices

Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.

Exploitability

No known public exploits specifically target these vulnerabilities.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Karn Ganeshen"
        ],
        "summary": "identifying and publicly released vulnerabilities in the Sierra Wireless AirLink Raven XE and XT Gateways prior to coordinating with ICS-CERT; however, the researcher did initially coordinate the identifying vulnerabilities with the vendor"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "ATTENTION: Remotely exploitable/low skill level to exploit. Public exploits are available.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "British Columbia, Canada",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available in the ICS -CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target these vulnerabilities.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-17-115-02 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2017/icsa-17-115-02.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-17-115-02 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-17-115-02"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-17-115-02"
      }
    ],
    "title": "Sierra Wireless AirLink Raven XE and XT",
    "tracking": {
      "current_release_date": "2017-04-25T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-17-115-02",
      "initial_release_date": "2017-04-25T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2017-04-25T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-17-115-02 Sierra Wireless AirLink Raven XE and XT"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 4.0.11",
                "product": {
                  "name": "AirLink Raven XT: all versions prior to 4.0.11",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "AirLink Raven XT"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 4.0.14",
                "product": {
                  "name": "AirLink Raven XE: all versions prior to 4.0.14",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "AirLink Raven XE"
          }
        ],
        "category": "vendor",
        "name": "Sierra Wireless"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-6044",
      "cwe": {
        "id": "CWE-285",
        "name": "Improper Authorization"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Several files and directories can be accessed without authentication, which may allow a remote attacker to perform sensitive functions including arbitrary file upload, file download, and device reboot.CVE-2017-6044 has been assigned to this vulnerability. A CVSS v3 base score of 10.0 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6044"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Sierra Wireless has released new firmware versions to address the forced browsing and cross-site request forgery vulnerabilities. Sierra Wireless reports that the insufficiently protected credentials vulnerability will not be addressed.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "Sierra Wireless\u0027s Raven XE firmware Version 4.0.14",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://source.sierrawireless.com/resources/airlink/software_downloads/nucaleos/raven-xe-firmware-list/"
        },
        {
          "category": "mitigation",
          "details": "Sierra Wireless\u0027s Raven XT firmware Version 4.0.11",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://source.sierrawireless.com/resources/airlink/software_downloads/nucaleos/raven-xt-firmware-list/"
        },
        {
          "category": "mitigation",
          "details": "Sierra Wireless has released a Technical Bulletin",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/raven-ics-alert-16-182-01/"
        },
        {
          "category": "mitigation",
          "details": "For additional information about these vulnerabilities or the recommendations provided, please contact Sierra Wireless\u0027 security team at security@sierrawireless.com",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2017-6042",
      "cwe": {
        "id": "CWE-352",
        "name": "Cross-Site Request Forgery (CSRF)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Affected devices do not verify if a request was intentionally sent by the logged-in user, which may allow an attacker to trick a client into making an unintentional request to the web server that will be treated as an authentic request.CVE-2017-6042 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6042"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Sierra Wireless has released new firmware versions to address the forced browsing and cross-site request forgery vulnerabilities. Sierra Wireless reports that the insufficiently protected credentials vulnerability will not be addressed.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "Sierra Wireless\u0027s Raven XE firmware Version 4.0.14",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://source.sierrawireless.com/resources/airlink/software_downloads/nucaleos/raven-xe-firmware-list/"
        },
        {
          "category": "mitigation",
          "details": "Sierra Wireless\u0027s Raven XT firmware Version 4.0.11",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://source.sierrawireless.com/resources/airlink/software_downloads/nucaleos/raven-xt-firmware-list/"
        },
        {
          "category": "mitigation",
          "details": "Sierra Wireless has released a Technical Bulletin",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/raven-ics-alert-16-182-01/"
        },
        {
          "category": "mitigation",
          "details": "For additional information about these vulnerabilities or the recommendations provided, please contact Sierra Wireless\u0027 security team at security@sierrawireless.com",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2017-6046",
      "cwe": {
        "id": "CWE-522",
        "name": "Insufficiently Protected Credentials"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Sensitive information is insufficiently protected during transmission and vulnerable to sniffing, which could lead to information disclosure.CVE-2017-6046 has been assigned to this vulnerability. A CVSS v3 base score of 4.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6046"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Sierra Wireless has released new firmware versions to address the forced browsing and cross-site request forgery vulnerabilities. Sierra Wireless reports that the insufficiently protected credentials vulnerability will not be addressed.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "Sierra Wireless\u0027s Raven XE firmware Version 4.0.14",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://source.sierrawireless.com/resources/airlink/software_downloads/nucaleos/raven-xe-firmware-list/"
        },
        {
          "category": "mitigation",
          "details": "Sierra Wireless\u0027s Raven XT firmware Version 4.0.11",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://source.sierrawireless.com/resources/airlink/software_downloads/nucaleos/raven-xt-firmware-list/"
        },
        {
          "category": "mitigation",
          "details": "Sierra Wireless has released a Technical Bulletin",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/raven-ics-alert-16-182-01/"
        },
        {
          "category": "mitigation",
          "details": "For additional information about these vulnerabilities or the recommendations provided, please contact Sierra Wireless\u0027 security team at security@sierrawireless.com",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ]
    }
  ]
}

VAR-201706-0468

Vulnerability from variot - Updated: 2023-12-18 12:03

An Improper Authorization issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Several files and directories can be accessed without authentication, which may allow a remote attacker to perform sensitive functions including arbitrary file upload, file download, and device reboot. SierraWirelessAirLinkRavenXE and XT are wireless gateway products from Sierra Wireless, Canada. A successful exploit may allow an attacker to obtain sensitive information, and perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201706-0468",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "airlink raven xt",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "sierra",
        "version": null
      },
      {
        "model": "airlink raven xe",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "sierra",
        "version": null
      },
      {
        "model": "wireless airlink raven xt",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sierra",
        "version": "0"
      },
      {
        "model": "wireless airlink raven xe",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "sierra",
        "version": "0"
      },
      {
        "model": "airlink raven xe",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "sierra",
        "version": "4.0.14"
      },
      {
        "model": "airlink raven xt",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "sierra",
        "version": "4.0.11"
      },
      {
        "model": "airlink raven xe",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sierra",
        "version": null
      },
      {
        "model": "wireless airlink raven xt",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sierra",
        "version": "4.0.11"
      },
      {
        "model": "wireless airlink raven xe",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sierra",
        "version": "4.0.14"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "airlink raven xe",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "airlink raven xt",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "353aa0fb-843c-42d0-a916-bb2cfdc511a0"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-06884"
      },
      {
        "db": "BID",
        "id": "98036"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005261"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6044"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1500"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sierra_wireless:airlink_raven_xe_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "-",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sierra_wireless:airlink_raven_xe:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sierra_wireless:airlink_raven_xt_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sierra_wireless:airlink_raven_xt:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6044"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Karn Ganeshen.",
    "sources": [
      {
        "db": "BID",
        "id": "98036"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1500"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2017-6044",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2017-6044",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-06884",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "353aa0fb-843c-42d0-a916-bb2cfdc511a0",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-114247",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-6044",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-6044",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-06884",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201704-1500",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "353aa0fb-843c-42d0-a916-bb2cfdc511a0",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-114247",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-6044",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "353aa0fb-843c-42d0-a916-bb2cfdc511a0"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-06884"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114247"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6044"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005261"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6044"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1500"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An Improper Authorization issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Several files and directories can be accessed without authentication, which may allow a remote attacker to perform sensitive functions including arbitrary file upload, file download, and device reboot. SierraWirelessAirLinkRavenXE and XT are wireless gateway products from Sierra Wireless, Canada. \nA successful exploit may allow an attacker to obtain sensitive information, and perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6044"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005261"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-06884"
      },
      {
        "db": "BID",
        "id": "98036"
      },
      {
        "db": "IVD",
        "id": "353aa0fb-843c-42d0-a916-bb2cfdc511a0"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114247"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6044"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-6044",
        "trust": 3.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-115-02",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "98036",
        "trust": 2.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1500",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-06884",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005261",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "353AA0FB-843C-42D0-A916-BB2CFDC511A0",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-114247",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6044",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "353aa0fb-843c-42d0-a916-bb2cfdc511a0"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-06884"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114247"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6044"
      },
      {
        "db": "BID",
        "id": "98036"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005261"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6044"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1500"
      }
    ]
  },
  "id": "VAR-201706-0468",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "353aa0fb-843c-42d0-a916-bb2cfdc511a0"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-06884"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114247"
      }
    ],
    "trust": 1.6368421
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      },
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "353aa0fb-843c-42d0-a916-bb2cfdc511a0"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-06884"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:03:57.590000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "AirLink Raven XE",
        "trust": 0.8,
        "url": "https://source.sierrawireless.com/devices/raven-series/raven-xe/"
      },
      {
        "title": "AirLink Raven XT",
        "trust": 0.8,
        "url": "https://source.sierrawireless.com/devices/raven-series/raven-xt/"
      },
      {
        "title": "Patch for SierraWirelessAirLinkRavenXE and XT File Download Vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/93893"
      },
      {
        "title": "Sierra Wireless AirLink Raven XE  and XT Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=69693"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-06884"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005261"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1500"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-306",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114247"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005261"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6044"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.0,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-115-02"
      },
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/98036"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6044"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6044"
      },
      {
        "trust": 0.3,
        "url": "http://subscriber.communications.siemens.com/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/306.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-06884"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114247"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6044"
      },
      {
        "db": "BID",
        "id": "98036"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005261"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6044"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1500"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "353aa0fb-843c-42d0-a916-bb2cfdc511a0"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-06884"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114247"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6044"
      },
      {
        "db": "BID",
        "id": "98036"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005261"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6044"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1500"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-05-18T00:00:00",
        "db": "IVD",
        "id": "353aa0fb-843c-42d0-a916-bb2cfdc511a0"
      },
      {
        "date": "2017-05-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-06884"
      },
      {
        "date": "2017-06-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114247"
      },
      {
        "date": "2017-06-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-6044"
      },
      {
        "date": "2017-04-25T00:00:00",
        "db": "BID",
        "id": "98036"
      },
      {
        "date": "2017-07-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-005261"
      },
      {
        "date": "2017-06-30T03:29:00.627000",
        "db": "NVD",
        "id": "CVE-2017-6044"
      },
      {
        "date": "2017-04-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201704-1500"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-05-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-06884"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114247"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-6044"
      },
      {
        "date": "2017-05-02T01:09:00",
        "db": "BID",
        "id": "98036"
      },
      {
        "date": "2017-07-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-005261"
      },
      {
        "date": "2019-10-09T23:28:37.717000",
        "db": "NVD",
        "id": "CVE-2017-6044"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201704-1500"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1500"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sierra Wireless AirLink Raven XE and  XT Vulnerabilities related to lack of authentication for critical functions",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005261"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Access control error",
    "sources": [
      {
        "db": "IVD",
        "id": "353aa0fb-843c-42d0-a916-bb2cfdc511a0"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1500"
      }
    ],
    "trust": 0.8
  }
}

GSD-2017-6044

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-6044

Aliases

CVE-2017-6044

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-6044",
    "description": "An Improper Authorization issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Several files and directories can be accessed without authentication, which may allow a remote attacker to perform sensitive functions including arbitrary file upload, file download, and device reboot.",
    "id": "GSD-2017-6044"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-6044"
      ],
      "details": "An Improper Authorization issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Several files and directories can be accessed without authentication, which may allow a remote attacker to perform sensitive functions including arbitrary file upload, file download, and device reboot.",
      "id": "GSD-2017-6044",
      "modified": "2023-12-13T01:21:10.098085Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "ID": "CVE-2017-6044",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Sierra Wireless AirLink Raven XE and XT",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Sierra Wireless AirLink Raven XE and XT"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An Improper Authorization issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Several files and directories can be accessed without authentication, which may allow a remote attacker to perform sensitive functions including arbitrary file upload, file download, and device reboot."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-285"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-02",
            "refsource": "MISC",
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-02"
          },
          {
            "name": "98036",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/98036"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sierra_wireless:airlink_raven_xe_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "-",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sierra_wireless:airlink_raven_xe:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sierra_wireless:airlink_raven_xt_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sierra_wireless:airlink_raven_xt:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2017-6044"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An Improper Authorization issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Several files and directories can be accessed without authentication, which may allow a remote attacker to perform sensitive functions including arbitrary file upload, file download, and device reboot."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-306"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-02",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "US Government Resource",
                "VDB Entry"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-02"
            },
            {
              "name": "98036",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/98036"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-09T23:28Z",
      "publishedDate": "2017-06-30T03:29Z"
    }
  }
}

CNVD-2017-06884

Vulnerability from cnvd - Published: 2017-05-18

Title

Sierra Wireless AirLink Raven XE和XT文件下载漏洞

Description

Sierra Wireless AirLink Raven XE和XT都是加拿大Sierra Wireless公司的无线网关产品。 Sierra Wireless AirLink Raven存在输入验证漏洞，允许远程攻击者利用漏洞提交特殊的请求下载系统任意文件。

Severity

中

Patch Name

Sierra Wireless AirLink Raven XE和XT文件下载漏洞的补丁

Patch Description

Sierra Wireless AirLink Raven XE和XT都是加拿大Sierra Wireless公司的无线网关产品。 Sierra Wireless AirLink Raven存在输入验证漏洞，允许远程攻击者利用漏洞提交特殊的请求下载系统任意文件。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞： http://www.sierrawireless.com/

Reference

http://www.securityfocus.com/bid/98036

Impacted products

Name
['Sierra Wireless AirLink Raven XT 0', 'Sierra Wireless AirLink Raven XE 0']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "98036"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-6044"
    }
  },
  "description": "Sierra Wireless AirLink Raven XE\u548cXT\u90fd\u662f\u52a0\u62ff\u5927Sierra Wireless\u516c\u53f8\u7684\u65e0\u7ebf\u7f51\u5173\u4ea7\u54c1\u3002\r\n\r\nSierra Wireless AirLink Raven\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\u4e0b\u8f7d\u7cfb\u7edf\u4efb\u610f\u6587\u4ef6\u3002",
  "discovererName": "Karn Ganeshen",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://www.sierrawireless.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-06884",
  "openTime": "2017-05-18",
  "patchDescription": "Sierra Wireless AirLink Raven XE\u548cXT\u90fd\u662f\u52a0\u62ff\u5927Sierra Wireless\u516c\u53f8\u7684\u65e0\u7ebf\u7f51\u5173\u4ea7\u54c1\u3002\r\n\r\nSierra Wireless AirLink Raven\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\u4e0b\u8f7d\u7cfb\u7edf\u4efb\u610f\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Sierra Wireless AirLink Raven XE\u548cXT\u6587\u4ef6\u4e0b\u8f7d\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Sierra Wireless AirLink Raven XT 0",
      "Sierra Wireless AirLink Raven XE 0"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/98036",
  "serverity": "\u4e2d",
  "submitTime": "2017-04-27",
  "title": "Sierra Wireless AirLink Raven XE\u548cXT\u6587\u4ef6\u4e0b\u8f7d\u6f0f\u6d1e"
}

FKIE_CVE-2017-6044

Vulnerability from fkie_nvd - Published: 2017-06-30 03:29 - Updated: 2025-04-20 01:37

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
ics-cert@hq.dhs.gov	http://www.securityfocus.com/bid/98036	Third Party Advisory, VDB Entry
ics-cert@hq.dhs.gov	https://ics-cert.us-cert.gov/advisories/ICSA-17-115-02	Third Party Advisory, US Government Resource, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/98036	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-17-115-02	Third Party Advisory, US Government Resource, VDB Entry

Impacted products

Vendor	Product	Version
sierra_wireless	airlink_raven_xe_firmware	*
sierra_wireless	airlink_raven_xe	-
sierra_wireless	airlink_raven_xt_firmware	-
sierra_wireless	airlink_raven_xt	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sierra_wireless:airlink_raven_xe_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBD39D07-982E-4B1A-910C-76190E77665C",
              "versionEndIncluding": "-",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sierra_wireless:airlink_raven_xe:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96F360C-3F60-462E-92A3-EE44E3624CCE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sierra_wireless:airlink_raven_xt_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AF87F04-D3EC-49B7-BDD7-9FCE2324B051",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sierra_wireless:airlink_raven_xt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D81786F-6C77-42F1-ADDF-594B8D53584F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An Improper Authorization issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Several files and directories can be accessed without authentication, which may allow a remote attacker to perform sensitive functions including arbitrary file upload, file download, and device reboot."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema de autorizaci\u00f3n incorrecta en Sierra Wireless AirLink Raven XE, en todas las versiones anteriores a la 4.0.14, y en AirLink Raven XT, en todas las versiones anteriores a la 4.0.11. Se puede acceder sin autenticaci\u00f3n a ciertos archivos y directorios, lo que podr\u00eda permitir que un atacante remoto realice funciones sensibles, incluyendo la subida de archivos arbitrarios, la descarga de archivos y el reinicio del dispositivo."
    }
  ],
  "id": "CVE-2017-6044",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-06-30T03:29:00.627",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/98036"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource",
        "VDB Entry"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/98036"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource",
        "VDB Entry"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-02"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-285"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-5VXJ-C9WJ-5M6Q

Vulnerability from github – Published: 2022-05-13 01:36 – Updated: 2022-05-13 01:36

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-6044"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-285",
      "CWE-306"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-06-30T03:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "An Improper Authorization issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Several files and directories can be accessed without authentication, which may allow a remote attacker to perform sensitive functions including arbitrary file upload, file download, and device reboot.",
  "id": "GHSA-5vxj-c9wj-5m6q",
  "modified": "2022-05-13T01:36:35Z",
  "published": "2022-05-13T01:36:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6044"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-02"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/98036"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-6044 (GCVE-0-2017-6044)

ICSA-17-115-02

VAR-201706-0468

GSD-2017-6044

CNVD-2017-06884

FKIE_CVE-2017-6044

GHSA-5VXJ-C9WJ-5M6Q

Tags

Sightings

Nomenclature