cvelistv5 - cve-2018-4065

CVE-2018-4065 (GCVE-0-2018-4065)

Vulnerability from cvelistv5 – Published: 2019-05-06 18:06 – Updated: 2024-08-05 05:04

Summary

Severity ?

No CVSS data available.

CWE

Cross-site Scripting

Assigner

talos

References

URL

Tags

	http://packetstormsecurity.com/files/152650/Sierr…	x_refsource_MISC
	https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03	x_refsource_MISC
	http://www.securityfocus.com/bid/108147	vdb-entryx_refsource_BID
	https://talosintelligence.com/vulnerability_repor…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Sierra Wireless	Affected: Sierra Wireless AirLink ES450 FW 4.9.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:04:28.881Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/152650/Sierra-Wireless-AirLink-ES450-ACEManager-ping_result.cgi-Cross-Site-Scripting.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03"
          },
          {
            "name": "108147",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108147"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0750"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Sierra Wireless",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Sierra Wireless AirLink ES450 FW 4.9.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An exploitable cross-site scripting vulnerability exists in the ACEManager ping_result.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP ping request can cause reflected javascript code execution, resulting in the execution of javascript code running on the victim\u0027s browser. An attacker can get a victim to click a link, or embedded URL, that redirects to the reflected cross-site scripting vulnerability to trigger this vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-07T19:18:11",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/152650/Sierra-Wireless-AirLink-ES450-ACEManager-ping_result.cgi-Cross-Site-Scripting.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03"
        },
        {
          "name": "108147",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108147"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0750"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "ID": "CVE-2018-4065",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Sierra Wireless",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Sierra Wireless AirLink ES450 FW 4.9.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An exploitable cross-site scripting vulnerability exists in the ACEManager ping_result.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP ping request can cause reflected javascript code execution, resulting in the execution of javascript code running on the victim\u0027s browser. An attacker can get a victim to click a link, or embedded URL, that redirects to the reflected cross-site scripting vulnerability to trigger this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://packetstormsecurity.com/files/152650/Sierra-Wireless-AirLink-ES450-ACEManager-ping_result.cgi-Cross-Site-Scripting.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/152650/Sierra-Wireless-AirLink-ES450-ACEManager-ping_result.cgi-Cross-Site-Scripting.html"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03"
            },
            {
              "name": "108147",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108147"
            },
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0750",
              "refsource": "MISC",
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0750"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2018-4065",
    "datePublished": "2019-05-06T18:06:09",
    "dateReserved": "2018-01-02T00:00:00",
    "dateUpdated": "2024-08-05T05:04:28.881Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sierrawireless:airlink_es450_firmware:4.9.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1B67419F-92AF-48DF-873D-F9E0190BFFD0\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sierrawireless:airlink_es450:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3E042BE5-9B2E-42B9-B455-FDB35251B0A6\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An exploitable cross-site scripting vulnerability exists in the ACEManager ping_result.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP ping request can cause reflected javascript code execution, resulting in the execution of javascript code running on the victim\u0027s browser. An attacker can get a victim to click a link, or embedded URL, that redirects to the reflected cross-site scripting vulnerability to trigger this vulnerability.\"}, {\"lang\": \"es\", \"value\": \"Existe una vulnerabilidad de Corss-Site Scripting explotable en la funcionalidad ACEManager ping_result.cgi de Sierra Wireless AirLink ES450 FW 4.9.3. Una petici\\u00f3n HTTP especialmente creado puede causar la ejecuci\\u00f3n de c\\u00f3digo javascript reflejado, resultando en la ejecuci\\u00f3n de c\\u00f3digo javascript en el navegador del v\\u00edctima. Un atacante puede conseguir que una v\\u00edctima haga clic en un enlace, o URL embebida, que redirija a la vulnerabilidad Corss-Site Scripting reflejada para disparar esta vulnerabilidad.\"}]",
      "id": "CVE-2018-4065",
      "lastModified": "2024-11-21T04:06:40.717",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2019-05-06T19:29:00.700",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/152650/Sierra-Wireless-AirLink-ES450-ACEManager-ping_result.cgi-Cross-Site-Scripting.html\", \"source\": \"talos-cna@cisco.com\"}, {\"url\": \"http://www.securityfocus.com/bid/108147\", \"source\": \"talos-cna@cisco.com\"}, {\"url\": \"https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03\", \"source\": \"talos-cna@cisco.com\"}, {\"url\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2018-0750\", \"source\": \"talos-cna@cisco.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/152650/Sierra-Wireless-AirLink-ES450-ACEManager-ping_result.cgi-Cross-Site-Scripting.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/108147\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2018-0750\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "talos-cna@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-4065\",\"sourceIdentifier\":\"talos-cna@cisco.com\",\"published\":\"2019-05-06T19:29:00.700\",\"lastModified\":\"2024-11-21T04:06:40.717\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An exploitable cross-site scripting vulnerability exists in the ACEManager ping_result.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP ping request can cause reflected javascript code execution, resulting in the execution of javascript code running on the victim\u0027s browser. An attacker can get a victim to click a link, or embedded URL, that redirects to the reflected cross-site scripting vulnerability to trigger this vulnerability.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de Corss-Site Scripting explotable en la funcionalidad ACEManager ping_result.cgi de Sierra Wireless AirLink ES450 FW 4.9.3. Una petici\u00f3n HTTP especialmente creado puede causar la ejecuci\u00f3n de c\u00f3digo javascript reflejado, resultando en la ejecuci\u00f3n de c\u00f3digo javascript en el navegador del v\u00edctima. Un atacante puede conseguir que una v\u00edctima haga clic en un enlace, o URL embebida, que redirija a la vulnerabilidad Corss-Site Scripting reflejada para disparar esta vulnerabilidad.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sierrawireless:airlink_es450_firmware:4.9.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B67419F-92AF-48DF-873D-F9E0190BFFD0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sierrawireless:airlink_es450:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E042BE5-9B2E-42B9-B455-FDB35251B0A6\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/152650/Sierra-Wireless-AirLink-ES450-ACEManager-ping_result.cgi-Cross-Site-Scripting.html\",\"source\":\"talos-cna@cisco.com\"},{\"url\":\"http://www.securityfocus.com/bid/108147\",\"source\":\"talos-cna@cisco.com\"},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03\",\"source\":\"talos-cna@cisco.com\"},{\"url\":\"https://talosintelligence.com/vulnerability_reports/TALOS-2018-0750\",\"source\":\"talos-cna@cisco.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/152650/Sierra-Wireless-AirLink-ES450-ACEManager-ping_result.cgi-Cross-Site-Scripting.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/108147\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://talosintelligence.com/vulnerability_reports/TALOS-2018-0750\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
  }
}

CNVD-2019-14394

Vulnerability from cnvd - Published: 2019-05-15

Title

Sierra Wireless AirLink ES450跨站脚本漏洞

Description

Sierra Wireless AirLink ES450是加拿大Sierra Wireless公司的一款蜂窝网络调制解调器设备。使用4.9.3版本固件的Sierra Wireless AirLink ES450中的ACEManager ping_result.cgi功能存在跨站脚本漏洞，该漏洞源于WEB应用缺少对客户端数据的正确验证。攻击者可利用该漏洞执行客户端代码。

Severity

中

Patch Name

Sierra Wireless AirLink ES450跨站脚本漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页： https://www.sierrawireless.com/

Reference

https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0750

Impacted products

Name
Sierra Wireless AirLink ES450 FW 4.9.3

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-4065"
    }
  },
  "description": "Sierra Wireless AirLink ES450\u662f\u52a0\u62ff\u5927Sierra Wireless\u516c\u53f8\u7684\u4e00\u6b3e\u8702\u7a9d\u7f51\u7edc\u8c03\u5236\u89e3\u8c03\u5668\u8bbe\u5907\u3002\n\n\u4f7f\u75284.9.3\u7248\u672c\u56fa\u4ef6\u7684Sierra Wireless AirLink ES450\u4e2d\u7684ACEManager ping_result.cgi\u529f\u80fd\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eWEB\u5e94\u7528\u7f3a\u5c11\u5bf9\u5ba2\u6237\u7aef\u6570\u636e\u7684\u6b63\u786e\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u5ba2\u6237\u7aef\u4ee3\u7801\u3002",
  "discovererName": "Carl Hurd and Jared Rittle of Cisco Talos.",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://www.sierrawireless.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-14394",
  "openTime": "2019-05-15",
  "patchDescription": "Sierra Wireless AirLink ES450\u662f\u52a0\u62ff\u5927Sierra Wireless\u516c\u53f8\u7684\u4e00\u6b3e\u8702\u7a9d\u7f51\u7edc\u8c03\u5236\u89e3\u8c03\u5668\u8bbe\u5907\u3002\r\n\r\n\u4f7f\u75284.9.3\u7248\u672c\u56fa\u4ef6\u7684Sierra Wireless AirLink ES450\u4e2d\u7684ACEManager ping_result.cgi\u529f\u80fd\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eWEB\u5e94\u7528\u7f3a\u5c11\u5bf9\u5ba2\u6237\u7aef\u6570\u636e\u7684\u6b63\u786e\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u5ba2\u6237\u7aef\u4ee3\u7801\u3002 \u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Sierra Wireless AirLink ES450\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Sierra Wireless AirLink ES450 FW 4.9.3"
  },
  "referenceLink": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0750",
  "serverity": "\u4e2d",
  "submitTime": "2019-04-28",
  "title": "Sierra Wireless AirLink ES450\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}

GHSA-J2R3-RXW6-4CR5

Vulnerability from github – Published: 2022-05-24 16:45 – Updated: 2024-04-04 00:29

Details

Severity ?

6.1 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-4065"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-05-06T19:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An exploitable cross-site scripting vulnerability exists in the ACEManager ping_result.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP ping request can cause reflected javascript code execution, resulting in the execution of javascript code running on the victim\u0027s browser. An attacker can get a victim to click a link, or embedded URL, that redirects to the reflected cross-site scripting vulnerability to trigger this vulnerability.",
  "id": "GHSA-j2r3-rxw6-4cr5",
  "modified": "2024-04-04T00:29:40Z",
  "published": "2022-05-24T16:45:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-4065"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0750"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/152650/Sierra-Wireless-AirLink-ES450-ACEManager-ping_result.cgi-Cross-Site-Scripting.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/108147"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2018-4065

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-4065

Aliases

CVE-2018-4065

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-4065",
    "description": "An exploitable cross-site scripting vulnerability exists in the ACEManager ping_result.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP ping request can cause reflected javascript code execution, resulting in the execution of javascript code running on the victim\u0027s browser. An attacker can get a victim to click a link, or embedded URL, that redirects to the reflected cross-site scripting vulnerability to trigger this vulnerability.",
    "id": "GSD-2018-4065",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2018-4065"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-4065"
      ],
      "details": "An exploitable cross-site scripting vulnerability exists in the ACEManager ping_result.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP ping request can cause reflected javascript code execution, resulting in the execution of javascript code running on the victim\u0027s browser. An attacker can get a victim to click a link, or embedded URL, that redirects to the reflected cross-site scripting vulnerability to trigger this vulnerability.",
      "id": "GSD-2018-4065",
      "modified": "2023-12-13T01:22:28.173790Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "talos-cna@cisco.com",
        "ID": "CVE-2018-4065",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Sierra Wireless",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Sierra Wireless AirLink ES450 FW 4.9.3"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An exploitable cross-site scripting vulnerability exists in the ACEManager ping_result.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP ping request can cause reflected javascript code execution, resulting in the execution of javascript code running on the victim\u0027s browser. An attacker can get a victim to click a link, or embedded URL, that redirects to the reflected cross-site scripting vulnerability to trigger this vulnerability."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Cross-site Scripting"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://packetstormsecurity.com/files/152650/Sierra-Wireless-AirLink-ES450-ACEManager-ping_result.cgi-Cross-Site-Scripting.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/152650/Sierra-Wireless-AirLink-ES450-ACEManager-ping_result.cgi-Cross-Site-Scripting.html"
          },
          {
            "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03",
            "refsource": "MISC",
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03"
          },
          {
            "name": "108147",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/108147"
          },
          {
            "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0750",
            "refsource": "MISC",
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0750"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sierrawireless:airlink_es450_firmware:4.9.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sierrawireless:airlink_es450:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "ID": "CVE-2018-4065"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An exploitable cross-site scripting vulnerability exists in the ACEManager ping_result.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP ping request can cause reflected javascript code execution, resulting in the execution of javascript code running on the victim\u0027s browser. An attacker can get a victim to click a link, or embedded URL, that redirects to the reflected cross-site scripting vulnerability to trigger this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0750",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0750"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03",
              "refsource": "MISC",
              "tags": [],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03"
            },
            {
              "name": "108147",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/108147"
            },
            {
              "name": "http://packetstormsecurity.com/files/152650/Sierra-Wireless-AirLink-ES450-ACEManager-ping_result.cgi-Cross-Site-Scripting.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://packetstormsecurity.com/files/152650/Sierra-Wireless-AirLink-ES450-ACEManager-ping_result.cgi-Cross-Site-Scripting.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2019-05-07T20:29Z",
      "publishedDate": "2019-05-06T19:29Z"
    }
  }
}

FKIE_CVE-2018-4065

Vulnerability from fkie_nvd - Published: 2019-05-06 19:29 - Updated: 2024-11-21 04:06

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

References

URL	Tags
talos-cna@cisco.com	http://packetstormsecurity.com/files/152650/Sierra-Wireless-AirLink-ES450-ACEManager-ping_result.cgi-Cross-Site-Scripting.html
talos-cna@cisco.com	http://www.securityfocus.com/bid/108147
talos-cna@cisco.com	https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03
talos-cna@cisco.com	https://talosintelligence.com/vulnerability_reports/TALOS-2018-0750	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/152650/Sierra-Wireless-AirLink-ES450-ACEManager-ping_result.cgi-Cross-Site-Scripting.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/108147
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03
af854a3a-2127-422b-91ae-364da2661108	https://talosintelligence.com/vulnerability_reports/TALOS-2018-0750	Exploit, Third Party Advisory

Impacted products

	Vendor	Product	Version
	sierrawireless	airlink_es450_firmware	4.9.3
	sierrawireless	airlink_es450	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sierrawireless:airlink_es450_firmware:4.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B67419F-92AF-48DF-873D-F9E0190BFFD0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sierrawireless:airlink_es450:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E042BE5-9B2E-42B9-B455-FDB35251B0A6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An exploitable cross-site scripting vulnerability exists in the ACEManager ping_result.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP ping request can cause reflected javascript code execution, resulting in the execution of javascript code running on the victim\u0027s browser. An attacker can get a victim to click a link, or embedded URL, that redirects to the reflected cross-site scripting vulnerability to trigger this vulnerability."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de Corss-Site Scripting explotable en la funcionalidad ACEManager ping_result.cgi de Sierra Wireless AirLink ES450 FW 4.9.3. Una petici\u00f3n HTTP especialmente creado puede causar la ejecuci\u00f3n de c\u00f3digo javascript reflejado, resultando en la ejecuci\u00f3n de c\u00f3digo javascript en el navegador del v\u00edctima. Un atacante puede conseguir que una v\u00edctima haga clic en un enlace, o URL embebida, que redirija a la vulnerabilidad Corss-Site Scripting reflejada para disparar esta vulnerabilidad."
    }
  ],
  "id": "CVE-2018-4065",
  "lastModified": "2024-11-21T04:06:40.717",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-05-06T19:29:00.700",
  "references": [
    {
      "source": "talos-cna@cisco.com",
      "url": "http://packetstormsecurity.com/files/152650/Sierra-Wireless-AirLink-ES450-ACEManager-ping_result.cgi-Cross-Site-Scripting.html"
    },
    {
      "source": "talos-cna@cisco.com",
      "url": "http://www.securityfocus.com/bid/108147"
    },
    {
      "source": "talos-cna@cisco.com",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03"
    },
    {
      "source": "talos-cna@cisco.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0750"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/152650/Sierra-Wireless-AirLink-ES450-ACEManager-ping_result.cgi-Cross-Site-Scripting.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/108147"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0750"
    }
  ],
  "sourceIdentifier": "talos-cna@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-201905-0854

Vulnerability from variot - Updated: 2023-12-18 12:17

An exploitable cross-site scripting vulnerability exists in the ACEManager ping_result.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP ping request can cause reflected javascript code execution, resulting in the execution of javascript code running on the victim's browser. An attacker can get a victim to click a link, or embedded URL, that redirects to the reflected cross-site scripting vulnerability to trigger this vulnerability. The SierraWirelessAirLinkES450 is a cellular network modem device from Sierra Wireless, Canada. A cross-site scripting vulnerability exists in the ACEManagerping_result.cgi feature in the SierraWirelessAirLinkES450 using firmware version 4.9.3, which stems from the lack of proper validation of client data by web applications. An attacker could exploit the vulnerability to execute client code. A command-injection vulnerability 2. A security-bypass vulnerability 3. A remote code-execution vulnerability 4. An cross-site scripting vulnerability 5. A cross-site request-forgery vulnerability 6. Multiple information disclosure vulnerabilities An attacker may leverage these issues to execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, perform certain administrative actions and gain unauthorized access to the affected application, execute arbitrary code, execute arbitrary commands with system-level privileges, This may aid in further attacks

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201905-0854",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "airlink es450",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sierrawireless",
        "version": "4.9.3"
      },
      {
        "model": "airlink es450",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sierra",
        "version": "fw 4.9.3"
      },
      {
        "model": "wireless airlink es450 fw",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sierra",
        "version": "4.9.3"
      },
      {
        "model": "wireless airlink rv50x aleos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sierra",
        "version": "4.11.2"
      },
      {
        "model": "wireless airlink rv50 aleos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sierra",
        "version": "4.11.2"
      },
      {
        "model": "wireless airlink mp70e aleos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sierra",
        "version": "4.11.2"
      },
      {
        "model": "wireless airlink mp70 aleos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sierra",
        "version": "4.11.2"
      },
      {
        "model": "wireless airlink lx60 aleos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sierra",
        "version": "4.10"
      },
      {
        "model": "wireless airlink lx40 aleos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sierra",
        "version": "4.11.1"
      },
      {
        "model": "wireless airlink ls300 aleos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sierra",
        "version": "4.4.8"
      },
      {
        "model": "wireless airlink gx450 aleos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sierra",
        "version": "4.9.3"
      },
      {
        "model": "wireless airlink gx440 aleos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sierra",
        "version": "4.4.8"
      },
      {
        "model": "wireless airlink gx400 aleos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sierra",
        "version": "4.4.8"
      },
      {
        "model": "wireless airlink es450 aleos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sierra",
        "version": "4.9.3"
      },
      {
        "model": "wireless airlink es440 aleos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sierra",
        "version": "4.4.8"
      },
      {
        "model": "wireless airlink gx450 aleos 4.9.4.p09",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sierra",
        "version": null
      },
      {
        "model": "wireless airlink gx450 aleos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sierra",
        "version": "4.9.4"
      },
      {
        "model": "wireless airlink es450 aleos 4.9.4.p09",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sierra",
        "version": null
      },
      {
        "model": "wireless airlink es450 aleos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sierra",
        "version": "4.9.4"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-14394"
      },
      {
        "db": "BID",
        "id": "108147"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015384"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4065"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sierrawireless:airlink_es450_firmware:4.9.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sierrawireless:airlink_es450:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-4065"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Carl Hurd and Jared Rittle of Cisco Talos,Discovered by Carl Hurd of Cisco Talos.,Carl Hurd and Jared Rittle of Cisco Talos.,Carl Hurd and Jared Rittle of Cisco Talos reported these vulnerabilities to Sierra Wireless.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-1196"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2018-4065",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2018-4065",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2019-14394",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-134096",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.1,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2018-4065",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-4065",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-14394",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201904-1196",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-134096",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-14394"
      },
      {
        "db": "VULHUB",
        "id": "VHN-134096"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015384"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4065"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-1196"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An exploitable cross-site scripting vulnerability exists in the ACEManager ping_result.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP ping request can cause reflected javascript code execution, resulting in the execution of javascript code running on the victim\u0027s browser. An attacker can get a victim to click a link, or embedded URL, that redirects to the reflected cross-site scripting vulnerability to trigger this vulnerability. The SierraWirelessAirLinkES450 is a cellular network modem device from Sierra Wireless, Canada. A cross-site scripting vulnerability exists in the ACEManagerping_result.cgi feature in the SierraWirelessAirLinkES450 using firmware version 4.9.3, which stems from the lack of proper validation of client data by web applications. An attacker could exploit the vulnerability to execute client code. A command-injection vulnerability\n2. A security-bypass vulnerability\n3. A remote code-execution vulnerability\n4. An cross-site scripting vulnerability\n5. A cross-site request-forgery vulnerability\n6. Multiple information disclosure vulnerabilities\nAn attacker may leverage these issues to execute arbitrary script code  in the browser of the victim in the context of the affected site, steal  cookie-based authentication credentials, gain access to sensitive  information, perform certain  administrative actions and gain unauthorized access to the affected  application, execute arbitrary code, execute arbitrary commands with system-level privileges, This may aid in  further attacks",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-4065"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015384"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-14394"
      },
      {
        "db": "BID",
        "id": "108147"
      },
      {
        "db": "VULHUB",
        "id": "VHN-134096"
      }
    ],
    "trust": 2.52
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-134096",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-134096"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "TALOS",
        "id": "TALOS-2018-0750",
        "trust": 3.4
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4065",
        "trust": 3.4
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-19-122-03",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "108147",
        "trust": 2.0
      },
      {
        "db": "PACKETSTORM",
        "id": "152650",
        "trust": 1.7
      },
      {
        "db": "TALOS",
        "id": "TALOS-2018-0746",
        "trust": 0.9
      },
      {
        "db": "TALOS",
        "id": "TALOS-2018-0752",
        "trust": 0.9
      },
      {
        "db": "TALOS",
        "id": "TALOS-2018-0748",
        "trust": 0.9
      },
      {
        "db": "TALOS",
        "id": "TALOS-2018-0754",
        "trust": 0.9
      },
      {
        "db": "TALOS",
        "id": "TALOS-2018-0747",
        "trust": 0.9
      },
      {
        "db": "TALOS",
        "id": "TALOS-2018-0751",
        "trust": 0.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015384",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-1196",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-14394",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "47356",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.1530.2",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-134096",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-14394"
      },
      {
        "db": "VULHUB",
        "id": "VHN-134096"
      },
      {
        "db": "BID",
        "id": "108147"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015384"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4065"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-1196"
      }
    ]
  },
  "id": "VAR-201905-0854",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-14394"
      },
      {
        "db": "VULHUB",
        "id": "VHN-134096"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-14394"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:17:59.218000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "AirLink ES450: LTE Enterprise Gateway",
        "trust": 0.8,
        "url": "https://www.sierrawireless.com/products-and-solutions/routers-gateways/es450/"
      },
      {
        "title": "Patch for SierraWirelessAirLinkES450 Cross-Site Scripting Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/161293"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-14394"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015384"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-134096"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015384"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4065"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-122-03"
      },
      {
        "trust": 2.5,
        "url": "https://talosintelligence.com/vulnerability_reports/talos-2018-0750"
      },
      {
        "trust": 2.3,
        "url": "http://www.securityfocus.com/bid/108147"
      },
      {
        "trust": 1.7,
        "url": "http://packetstormsecurity.com/files/152650/sierra-wireless-airlink-es450-acemanager-ping_result.cgi-cross-site-scripting.html"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4065"
      },
      {
        "trust": 1.2,
        "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2018-0750"
      },
      {
        "trust": 0.9,
        "url": "https://source.sierrawireless.com/resources/airlink/software_downloads/es440-firmware/es440-firmware-list/"
      },
      {
        "trust": 0.9,
        "url": "https://source.sierrawireless.com/resources/airlink/software_downloads/es450/es450-firmware-package-list/"
      },
      {
        "trust": 0.9,
        "url": "https://source.sierrawireless.com/resources/airlink/software_downloads/gx400-firmware/gx400-firmware-list/"
      },
      {
        "trust": 0.9,
        "url": "https://source.sierrawireless.com/resources/airlink/software_downloads/gx450/gx450-firmware-list/"
      },
      {
        "trust": 0.9,
        "url": "https://source.sierrawireless.com/resources/airlink/software_downloads/ls300-firmware/ls300-firmware-list/"
      },
      {
        "trust": 0.9,
        "url": "https://source.sierrawireless.com/resources/airlink/software_downloads/mp70/mp70-firmware-list/"
      },
      {
        "trust": 0.9,
        "url": "https://source.sierrawireless.com/resources/airlink/software_downloads/rv50/rv50-firmware-list/"
      },
      {
        "trust": 0.9,
        "url": "https://www.sierrawireless.com/"
      },
      {
        "trust": 0.9,
        "url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/sierra-wireless-technical-bulletin---swi-psa-2019-003/"
      },
      {
        "trust": 0.9,
        "url": "https://www.talosintelligence.com/reports/talos-2018-0751"
      },
      {
        "trust": 0.9,
        "url": "https://www.talosintelligence.com/reports/talos-2018-0754"
      },
      {
        "trust": 0.9,
        "url": "https://www.talosintelligence.com/reports/talos-2018-0746"
      },
      {
        "trust": 0.9,
        "url": "https://www.talosintelligence.com/reports/talos-2018-0750"
      },
      {
        "trust": 0.9,
        "url": "https://www.talosintelligence.com/reports/talos-2018-0752"
      },
      {
        "trust": 0.9,
        "url": "https://www.talosintelligence.com/reports/talos-2018-0748"
      },
      {
        "trust": 0.9,
        "url": "https://www.talosintelligence.com/reports/talos-2018-0747"
      },
      {
        "trust": 0.9,
        "url": "https://source.sierrawireless.com/~/media/support_downloads/airlink/docs/technical%20bulletin/swi-psa-2019-003%20-%20talos%20cves%20-%2030apr2019.ashx?la=en"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4065"
      },
      {
        "trust": 0.6,
        "url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4-d-9-d-4-release-notes/"
      },
      {
        "trust": 0.6,
        "url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4-d-4-d-8-release-notes/"
      },
      {
        "trust": 0.6,
        "url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4-d-11-d-2-release-notes/"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/47356"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/152650/sierra-wireless-airlink-es450-acemanager-ping/result.cgi-cross-site-scripting.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-19-122-03"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.1530.2/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/80158"
      },
      {
        "trust": 0.3,
        "url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,11,-d-,2-release-notes/"
      },
      {
        "trust": 0.3,
        "url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,4,-d-,8-release-notes/"
      },
      {
        "trust": 0.3,
        "url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,9,-d-,4-release-notes/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-14394"
      },
      {
        "db": "VULHUB",
        "id": "VHN-134096"
      },
      {
        "db": "BID",
        "id": "108147"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015384"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4065"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-1196"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-14394"
      },
      {
        "db": "VULHUB",
        "id": "VHN-134096"
      },
      {
        "db": "BID",
        "id": "108147"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015384"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4065"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-1196"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-05-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-14394"
      },
      {
        "date": "2019-05-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-134096"
      },
      {
        "date": "2019-04-25T00:00:00",
        "db": "BID",
        "id": "108147"
      },
      {
        "date": "2019-05-31T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-015384"
      },
      {
        "date": "2019-05-06T19:29:00.700000",
        "db": "NVD",
        "id": "CVE-2018-4065"
      },
      {
        "date": "2019-04-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201904-1196"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-05-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-14394"
      },
      {
        "date": "2019-05-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-134096"
      },
      {
        "date": "2019-04-25T00:00:00",
        "db": "BID",
        "id": "108147"
      },
      {
        "date": "2019-05-31T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-015384"
      },
      {
        "date": "2019-05-07T20:29:01.173000",
        "db": "NVD",
        "id": "CVE-2018-4065"
      },
      {
        "date": "2020-08-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201904-1196"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-1196"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sierra Wireless AirLink ES450 Cross-Site Scripting Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-14394"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-1196"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-1196"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-4065 (GCVE-0-2018-4065)

CNVD-2019-14394

GHSA-J2R3-RXW6-4CR5

GSD-2018-4065

FKIE_CVE-2018-4065

VAR-201905-0854

Tags

Sightings

Nomenclature