cvelistv5 - cve-2018-4069

CVE-2018-4069 (GCVE-0-2018-4069)

Vulnerability from cvelistv5 – Published: 2019-05-06 17:42 – Updated: 2024-08-05 05:04

Summary

Severity ?

No CVSS data available.

CWE

Missing Encryption of Sensitive Data

Assigner

talos

References

URL

	Vendor	Product	Version
	n/a	Sierra Wireless	Affected: Sierra Wireless AirLink ES450 FW 4.9.3

CNVD-2019-13242

Vulnerability from cnvd - Published: 2019-05-07

Title

Sierra Wireless AirLink ES450信息泄露漏洞

Description

Sierra Wireless AirLink ES450是加拿大Sierra Wireless公司的一款蜂窝网络调制解调器设备。使用4.9.3版本版本固件的Sierra Wireless AirLink ES450中的ACEManager身份验证功能存在信息泄露漏洞，攻击者可利用该漏洞嗅探明文形式的凭证。

Severity

中

Patch Name

Sierra Wireless AirLink ES450信息泄露漏洞的补丁

Patch Description

Sierra Wireless AirLink ES450是加拿大Sierra Wireless公司的一款蜂窝网络调制解调器设备。使用4.9.3版本版本固件的Sierra Wireless AirLink ES450中的ACEManager身份验证功能存在信息泄露漏洞，攻击者可利用该漏洞嗅探明文形式的凭证。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.sierrawireless.com/

Reference

https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0754

Impacted products

Name
Sierra Wireless AirLink ES450 4.9.3

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-4069"
    }
  },
  "description": "Sierra Wireless AirLink ES450\u662f\u52a0\u62ff\u5927Sierra Wireless\u516c\u53f8\u7684\u4e00\u6b3e\u8702\u7a9d\u7f51\u7edc\u8c03\u5236\u89e3\u8c03\u5668\u8bbe\u5907\u3002\n\n\u4f7f\u75284.9.3\u7248\u672c\u7248\u672c\u56fa\u4ef6\u7684Sierra Wireless AirLink ES450\u4e2d\u7684ACEManager\u8eab\u4efd\u9a8c\u8bc1\u529f\u80fd\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u55c5\u63a2\u660e\u6587\u5f62\u5f0f\u7684\u51ed\u8bc1\u3002",
  "discovererName": "Carl Hurd",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.sierrawireless.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-13242",
  "openTime": "2019-05-07",
  "patchDescription": "Sierra Wireless AirLink ES450\u662f\u52a0\u62ff\u5927Sierra Wireless\u516c\u53f8\u7684\u4e00\u6b3e\u8702\u7a9d\u7f51\u7edc\u8c03\u5236\u89e3\u8c03\u5668\u8bbe\u5907\u3002\r\n\r\n\u4f7f\u75284.9.3\u7248\u672c\u7248\u672c\u56fa\u4ef6\u7684Sierra Wireless AirLink ES450\u4e2d\u7684ACEManager\u8eab\u4efd\u9a8c\u8bc1\u529f\u80fd\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u55c5\u63a2\u660e\u6587\u5f62\u5f0f\u7684\u51ed\u8bc1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Sierra Wireless AirLink ES450\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Sierra Wireless AirLink ES450 4.9.3"
  },
  "referenceLink": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0754",
  "serverity": "\u4e2d",
  "submitTime": "2019-04-28",
  "title": "Sierra Wireless AirLink ES450\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

VAR-201905-0858

Vulnerability from variot - Updated: 2023-12-18 12:17

An information disclosure vulnerability exists in the ACEManager authentication functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The ACEManager authentication functionality is done in plaintext XML to the web server. An attacker can listen to network traffic upstream from the device to capitalize on this vulnerability. The SierraWirelessAirLinkES450 is a cellular network modem device from Sierra Wireless, Canada. A command-injection vulnerability 2. A security-bypass vulnerability 3. A remote code-execution vulnerability 4. An cross-site scripting vulnerability 5. A cross-site request-forgery vulnerability 6. Multiple information disclosure vulnerabilities An attacker may leverage these issues to execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, perform certain administrative actions and gain unauthorized access to the affected application, execute arbitrary code, execute arbitrary commands with system-level privileges, This may aid in further attacks

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201905-0858",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "airlink es450",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sierrawireless",
        "version": "4.9.3"
      },
      {
        "model": "airlink es450",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sierra",
        "version": "4.9.3"
      },
      {
        "model": "wireless airlink es450",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sierra",
        "version": "4.9.3"
      },
      {
        "model": "wireless airlink rv50x aleos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sierra",
        "version": "4.11.2"
      },
      {
        "model": "wireless airlink rv50 aleos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sierra",
        "version": "4.11.2"
      },
      {
        "model": "wireless airlink mp70e aleos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sierra",
        "version": "4.11.2"
      },
      {
        "model": "wireless airlink mp70 aleos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sierra",
        "version": "4.11.2"
      },
      {
        "model": "wireless airlink lx60 aleos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sierra",
        "version": "4.10"
      },
      {
        "model": "wireless airlink lx40 aleos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sierra",
        "version": "4.11.1"
      },
      {
        "model": "wireless airlink ls300 aleos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sierra",
        "version": "4.4.8"
      },
      {
        "model": "wireless airlink gx450 aleos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sierra",
        "version": "4.9.3"
      },
      {
        "model": "wireless airlink gx440 aleos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sierra",
        "version": "4.4.8"
      },
      {
        "model": "wireless airlink gx400 aleos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sierra",
        "version": "4.4.8"
      },
      {
        "model": "wireless airlink es450 aleos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sierra",
        "version": "4.9.3"
      },
      {
        "model": "wireless airlink es440 aleos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sierra",
        "version": "4.4.8"
      },
      {
        "model": "wireless airlink gx450 aleos 4.9.4.p09",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sierra",
        "version": null
      },
      {
        "model": "wireless airlink gx450 aleos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sierra",
        "version": "4.9.4"
      },
      {
        "model": "wireless airlink es450 aleos 4.9.4.p09",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sierra",
        "version": null
      },
      {
        "model": "wireless airlink es450 aleos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sierra",
        "version": "4.9.4"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-13242"
      },
      {
        "db": "BID",
        "id": "108147"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015382"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4069"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sierrawireless:airlink_es450_firmware:4.9.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sierrawireless:airlink_es450:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-4069"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Carl Hurd and Jared Rittle of Cisco Talos,Discovered by Carl Hurd of Cisco Talos.,Carl Hurd and Jared Rittle of Cisco Talos.,Carl Hurd and Jared Rittle of Cisco Talos reported these vulnerabilities to Sierra Wireless.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-1210"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2018-4069",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2018-4069",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "id": "CNVD-2019-13242",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-134100",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-4069",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-4069",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-13242",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201904-1210",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-134100",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-13242"
      },
      {
        "db": "VULHUB",
        "id": "VHN-134100"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015382"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4069"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-1210"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An information disclosure vulnerability exists in the ACEManager authentication functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The ACEManager authentication functionality is done in plaintext XML to the web server. An attacker can listen to network traffic upstream from the device to capitalize on this vulnerability. The SierraWirelessAirLinkES450 is a cellular network modem device from Sierra Wireless, Canada. A command-injection vulnerability\n2. A security-bypass vulnerability\n3. A remote code-execution vulnerability\n4. An cross-site scripting vulnerability\n5. A cross-site request-forgery vulnerability\n6. Multiple information disclosure vulnerabilities\nAn attacker may leverage these issues to execute arbitrary script code  in the browser of the victim in the context of the affected site, steal  cookie-based authentication credentials, gain access to sensitive  information, perform certain  administrative actions and gain unauthorized access to the affected  application, execute arbitrary code, execute arbitrary commands with system-level privileges, This may aid in  further attacks",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-4069"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015382"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-13242"
      },
      {
        "db": "BID",
        "id": "108147"
      },
      {
        "db": "VULHUB",
        "id": "VHN-134100"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "TALOS",
        "id": "TALOS-2018-0754",
        "trust": 3.4
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4069",
        "trust": 3.4
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-19-122-03",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "108147",
        "trust": 2.0
      },
      {
        "db": "PACKETSTORM",
        "id": "152654",
        "trust": 1.7
      },
      {
        "db": "TALOS",
        "id": "TALOS-2018-0746",
        "trust": 0.9
      },
      {
        "db": "TALOS",
        "id": "TALOS-2018-0752",
        "trust": 0.9
      },
      {
        "db": "TALOS",
        "id": "TALOS-2018-0748",
        "trust": 0.9
      },
      {
        "db": "TALOS",
        "id": "TALOS-2018-0747",
        "trust": 0.9
      },
      {
        "db": "TALOS",
        "id": "TALOS-2018-0750",
        "trust": 0.9
      },
      {
        "db": "TALOS",
        "id": "TALOS-2018-0751",
        "trust": 0.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015382",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-1210",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-13242",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.1530.2",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "47375",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-134100",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-13242"
      },
      {
        "db": "VULHUB",
        "id": "VHN-134100"
      },
      {
        "db": "BID",
        "id": "108147"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015382"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4069"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-1210"
      }
    ]
  },
  "id": "VAR-201905-0858",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-13242"
      },
      {
        "db": "VULHUB",
        "id": "VHN-134100"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-13242"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:17:59.062000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "AirLink ES450",
        "trust": 0.8,
        "url": "https://www.sierrawireless.com/products-and-solutions/routers-gateways/es450/"
      },
      {
        "title": "Patch for SierraWirelessAirLinkES450 Information Disclosure Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/160409"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-13242"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015382"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-134100"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015382"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4069"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-122-03"
      },
      {
        "trust": 2.5,
        "url": "https://talosintelligence.com/vulnerability_reports/talos-2018-0754"
      },
      {
        "trust": 2.3,
        "url": "http://www.securityfocus.com/bid/108147"
      },
      {
        "trust": 2.3,
        "url": "http://packetstormsecurity.com/files/152654/sierra-wireless-airlink-es450-acemanager-information-exposure.html"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4069"
      },
      {
        "trust": 1.2,
        "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2018-0754"
      },
      {
        "trust": 0.9,
        "url": "https://source.sierrawireless.com/resources/airlink/software_downloads/es440-firmware/es440-firmware-list/"
      },
      {
        "trust": 0.9,
        "url": "https://source.sierrawireless.com/resources/airlink/software_downloads/es450/es450-firmware-package-list/"
      },
      {
        "trust": 0.9,
        "url": "https://source.sierrawireless.com/resources/airlink/software_downloads/gx400-firmware/gx400-firmware-list/"
      },
      {
        "trust": 0.9,
        "url": "https://source.sierrawireless.com/resources/airlink/software_downloads/gx450/gx450-firmware-list/"
      },
      {
        "trust": 0.9,
        "url": "https://source.sierrawireless.com/resources/airlink/software_downloads/ls300-firmware/ls300-firmware-list/"
      },
      {
        "trust": 0.9,
        "url": "https://source.sierrawireless.com/resources/airlink/software_downloads/mp70/mp70-firmware-list/"
      },
      {
        "trust": 0.9,
        "url": "https://source.sierrawireless.com/resources/airlink/software_downloads/rv50/rv50-firmware-list/"
      },
      {
        "trust": 0.9,
        "url": "https://www.sierrawireless.com/"
      },
      {
        "trust": 0.9,
        "url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/sierra-wireless-technical-bulletin---swi-psa-2019-003/"
      },
      {
        "trust": 0.9,
        "url": "https://www.talosintelligence.com/reports/talos-2018-0751"
      },
      {
        "trust": 0.9,
        "url": "https://www.talosintelligence.com/reports/talos-2018-0754"
      },
      {
        "trust": 0.9,
        "url": "https://www.talosintelligence.com/reports/talos-2018-0746"
      },
      {
        "trust": 0.9,
        "url": "https://www.talosintelligence.com/reports/talos-2018-0750"
      },
      {
        "trust": 0.9,
        "url": "https://www.talosintelligence.com/reports/talos-2018-0752"
      },
      {
        "trust": 0.9,
        "url": "https://www.talosintelligence.com/reports/talos-2018-0748"
      },
      {
        "trust": 0.9,
        "url": "https://www.talosintelligence.com/reports/talos-2018-0747"
      },
      {
        "trust": 0.9,
        "url": "https://source.sierrawireless.com/~/media/support_downloads/airlink/docs/technical%20bulletin/swi-psa-2019-003%20-%20talos%20cves%20-%2030apr2019.ashx?la=en"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4069"
      },
      {
        "trust": 0.6,
        "url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4-d-9-d-4-release-notes/"
      },
      {
        "trust": 0.6,
        "url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4-d-4-d-8-release-notes/"
      },
      {
        "trust": 0.6,
        "url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4-d-11-d-2-release-notes/"
      },
      {
        "trust": 0.6,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-19-122-03"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.1530.2/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/80158"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/47375"
      },
      {
        "trust": 0.3,
        "url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,11,-d-,2-release-notes/"
      },
      {
        "trust": 0.3,
        "url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,4,-d-,8-release-notes/"
      },
      {
        "trust": 0.3,
        "url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,9,-d-,4-release-notes/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-13242"
      },
      {
        "db": "VULHUB",
        "id": "VHN-134100"
      },
      {
        "db": "BID",
        "id": "108147"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015382"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4069"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-1210"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-13242"
      },
      {
        "db": "VULHUB",
        "id": "VHN-134100"
      },
      {
        "db": "BID",
        "id": "108147"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015382"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4069"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-1210"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-05-07T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-13242"
      },
      {
        "date": "2019-05-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-134100"
      },
      {
        "date": "2019-04-25T00:00:00",
        "db": "BID",
        "id": "108147"
      },
      {
        "date": "2019-05-31T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-015382"
      },
      {
        "date": "2019-05-06T18:29:00.477000",
        "db": "NVD",
        "id": "CVE-2018-4069"
      },
      {
        "date": "2019-04-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201904-1210"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-05-07T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-13242"
      },
      {
        "date": "2019-05-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-134100"
      },
      {
        "date": "2019-04-25T00:00:00",
        "db": "BID",
        "id": "108147"
      },
      {
        "date": "2019-05-31T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-015382"
      },
      {
        "date": "2019-05-07T20:29:01.750000",
        "db": "NVD",
        "id": "CVE-2018-4069"
      },
      {
        "date": "2020-08-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201904-1210"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-1210"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sierra Wireless AirLink ES450 Information Disclosure Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-13242"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-1210"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-1210"
      }
    ],
    "trust": 0.6
  }
}

GHSA-22GR-GPPH-J2C5

Vulnerability from github – Published: 2022-05-24 16:45 – Updated: 2024-04-04 00:30

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-4069"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-05-06T18:29:00Z",
    "severity": "HIGH"
  },
  "details": "An information disclosure vulnerability exists in the ACEManager authentication functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The ACEManager authentication functionality is done in plaintext XML to the web server. An attacker can listen to network traffic upstream from the device to capitalize on this vulnerability.",
  "id": "GHSA-22gr-gpph-j2c5",
  "modified": "2024-04-04T00:30:04Z",
  "published": "2022-05-24T16:45:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-4069"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0754"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/152654/Sierra-Wireless-AirLink-ES450-ACEManager-Information-Exposure.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/108147"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2018-4069

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-4069

Aliases

CVE-2018-4069

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-4069",
    "description": "An information disclosure vulnerability exists in the ACEManager authentication functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The ACEManager authentication functionality is done in plaintext XML to the web server. An attacker can listen to network traffic upstream from the device to capitalize on this vulnerability.",
    "id": "GSD-2018-4069",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2018-4069"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-4069"
      ],
      "details": "An information disclosure vulnerability exists in the ACEManager authentication functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The ACEManager authentication functionality is done in plaintext XML to the web server. An attacker can listen to network traffic upstream from the device to capitalize on this vulnerability.",
      "id": "GSD-2018-4069",
      "modified": "2023-12-13T01:22:28.056017Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "talos-cna@cisco.com",
        "ID": "CVE-2018-4069",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Sierra Wireless",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Sierra Wireless AirLink ES450 FW 4.9.3"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An information disclosure vulnerability exists in the ACEManager authentication functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The ACEManager authentication functionality is done in plaintext XML to the web server. An attacker can listen to network traffic upstream from the device to capitalize on this vulnerability."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Missing Encryption of Sensitive Data"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://packetstormsecurity.com/files/152654/Sierra-Wireless-AirLink-ES450-ACEManager-Information-Exposure.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/152654/Sierra-Wireless-AirLink-ES450-ACEManager-Information-Exposure.html"
          },
          {
            "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03",
            "refsource": "MISC",
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03"
          },
          {
            "name": "108147",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/108147"
          },
          {
            "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0754",
            "refsource": "MISC",
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0754"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sierrawireless:airlink_es450_firmware:4.9.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sierrawireless:airlink_es450:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "ID": "CVE-2018-4069"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An information disclosure vulnerability exists in the ACEManager authentication functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The ACEManager authentication functionality is done in plaintext XML to the web server. An attacker can listen to network traffic upstream from the device to capitalize on this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0754",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0754"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03",
              "refsource": "MISC",
              "tags": [],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03"
            },
            {
              "name": "108147",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/108147"
            },
            {
              "name": "http://packetstormsecurity.com/files/152654/Sierra-Wireless-AirLink-ES450-ACEManager-Information-Exposure.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://packetstormsecurity.com/files/152654/Sierra-Wireless-AirLink-ES450-ACEManager-Information-Exposure.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-05-07T20:29Z",
      "publishedDate": "2019-05-06T18:29Z"
    }
  }
}

FKIE_CVE-2018-4069

Vulnerability from fkie_nvd - Published: 2019-05-06 18:29 - Updated: 2024-11-21 04:06

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
talos-cna@cisco.com	http://packetstormsecurity.com/files/152654/Sierra-Wireless-AirLink-ES450-ACEManager-Information-Exposure.html
talos-cna@cisco.com	http://www.securityfocus.com/bid/108147
talos-cna@cisco.com	https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03
talos-cna@cisco.com	https://talosintelligence.com/vulnerability_reports/TALOS-2018-0754	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/152654/Sierra-Wireless-AirLink-ES450-ACEManager-Information-Exposure.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/108147
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03
af854a3a-2127-422b-91ae-364da2661108	https://talosintelligence.com/vulnerability_reports/TALOS-2018-0754	Exploit, Third Party Advisory

Impacted products

	Vendor	Product	Version
	sierrawireless	airlink_es450_firmware	4.9.3
	sierrawireless	airlink_es450	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sierrawireless:airlink_es450_firmware:4.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B67419F-92AF-48DF-873D-F9E0190BFFD0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sierrawireless:airlink_es450:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E042BE5-9B2E-42B9-B455-FDB35251B0A6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An information disclosure vulnerability exists in the ACEManager authentication functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The ACEManager authentication functionality is done in plaintext XML to the web server. An attacker can listen to network traffic upstream from the device to capitalize on this vulnerability."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en la funcionalidad de autenticaci\u00f3n ACEManager de Sierra Wireless AirLink ES450 FW 4.9.3. La funcionalidad de autenticaci\u00f3n de ACEManager se realiza en texto plano XML al servidor web. Un atacante puede escuchar el tr\u00e1fico de la red desde el dispositivo para aprovechar esta vulnerabilidad."
    }
  ],
  "id": "CVE-2018-4069",
  "lastModified": "2024-11-21T04:06:41.430",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-05-06T18:29:00.477",
  "references": [
    {
      "source": "talos-cna@cisco.com",
      "url": "http://packetstormsecurity.com/files/152654/Sierra-Wireless-AirLink-ES450-ACEManager-Information-Exposure.html"
    },
    {
      "source": "talos-cna@cisco.com",
      "url": "http://www.securityfocus.com/bid/108147"
    },
    {
      "source": "talos-cna@cisco.com",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03"
    },
    {
      "source": "talos-cna@cisco.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0754"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/152654/Sierra-Wireless-AirLink-ES450-ACEManager-Information-Exposure.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/108147"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0754"
    }
  ],
  "sourceIdentifier": "talos-cna@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ICSA-19-122-03

Vulnerability from csaf_cisa - Published: 2019-05-02 00:00 - Updated: 2020-04-23 00:00

Summary

Sierra Wireless AirLink ALEOS (Update B)

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of these vulnerabilities could allow attackers to remotely execute code, discover user credentials, upload files, or discover file paths.

Critical infrastructure sectors

Commercial Facilities, Communications, Emergency Services, Energy, Government Facilities, Transportation Systems, Water and Wastewater Systems

Countries/areas deployed

Worldwide

Company headquarters location

Canada

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

CISA also provides a section for control systems security recommended practices on the ICS webpage on us-cert.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.

Recommended Practices

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Carl Hurd",
          "Jared Rittle"
        ],
        "organization": "Cisco Talos",
        "summary": "reporting these vulnerabilities to Sierra Wireless"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of these vulnerabilities could allow attackers to remotely execute code, discover user credentials, upload files, or discover file paths.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Commercial Facilities, Communications, Emergency Services, Energy, Government Facilities, Transportation Systems, Water and Wastewater Systems",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Canada",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on us-cert.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also recommends users take the following measures to protect themselves from social engineering attacks:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-19-122-03 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2019/icsa-19-122-03.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-19-122-03 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-122-03"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.us-cert.gov/ncas/tips/ST04-014"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.us-cert.gov/"
      }
    ],
    "title": "Sierra Wireless AirLink ALEOS (Update B)",
    "tracking": {
      "current_release_date": "2020-04-23T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-19-122-03",
      "initial_release_date": "2019-05-02T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2019-05-02T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-19-122-03 Sierra Wireless AirLink ALEOS"
        },
        {
          "date": "2019-08-20T00:00:00.000000Z",
          "legacy_version": "A",
          "number": "2",
          "summary": "ICSA-19-122-03 Sierra Wireless AirLink ALEOS (Update A)"
        },
        {
          "date": "2020-04-23T00:00:00.000000Z",
          "legacy_version": "B",
          "number": "3",
          "summary": "ICSA-19-122-03 Sierra Wireless AirLink ALEOS (Update B)"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 4.12",
                "product": {
                  "name": "MP70 MP70E RV50 RV50X LX40 and LX60: All versions prior to 4.12",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "MP70 MP70E RV50 RV50X LX40 and LX60"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 4.4.9",
                "product": {
                  "name": "LS300 GX400 GX440 and ES440: All versions prior to 4.4.9",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "LS300 GX400 GX440 and ES440"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 4.9.4",
                "product": {
                  "name": "GX450 and ES450: All versions prior to 4.9.4",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "GX450 and ES450"
          }
        ],
        "category": "vendor",
        "name": "Sierra Wireless"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-4061",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A specially crafted authenticated HTTP request can inject arbitrary commands, resulting in remote code execution.CVE-2018-4061 has been assigned to this vulnerability. A CVSS v3 base score of 9.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4061"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Sierra Wireless recommends users upgrade to the latest version of ALEOS for the products and versions below. For upgrade assistance, contact an authorized AirLink reseller, Sierra Wireless sales, technical representative, or Sierra Wireless technical support.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "LS300, GX400, GX440, ES440:  ALEOS 4.4.9 The ALEOS 4.4.9 Release Note is available (login required)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ],
          "url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,4,-d-,9-release-notes/"
        },
        {
          "category": "mitigation",
          "details": "GX450, ES450:  ALEOS 4.9.4.p09",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "MP70, MP70E, RV50, RV50X, LX40, LX60:  ALEOS 4.12 The ALEOS 4.12.0 Release Note is available (login required)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ],
          "url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,12,-d-,0-release-notes/"
        },
        {
          "category": "mitigation",
          "details": "Ensure a strong password is set for the user account. For guidance on password strength, Sierra Wireless recommends the \u201cmemorized secret authenticator\u201d guidelines in NIST SP800-63B.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "If ALEOS Application Framework (AAF) is enabled, ensure a strong password is set for the AAF User account.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "If Telnet or SSH is enabled, ensure a strong password is set for the console account.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "When connecting directly to ACEmanager: Use only HTTPS.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "Utilize an up-to-date, modern web browser with built-in CSS and CSRF protection, such as Chrome, Firefox, or Edge.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "The following SNORT rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to a Firepower Management Center or Snort.org.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "Snort Rules: 48600, 48635, 48614 - 48621, 48747",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2018-4062",
      "cwe": {
        "id": "CWE-798",
        "name": "Use of Hard-coded Credentials"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Activating SNMPD outside of the WebUI can cause the activation of the hard-coded credentials, resulting in the exposure of a privileged user. An attacker can activate SNMPD without any configuration changes to trigger this vulnerability.CVE-2018-4062 has been assigned to this vulnerability. A CVSS v3 base score of 6.2 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4062"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Sierra Wireless recommends users upgrade to the latest version of ALEOS for the products and versions below. For upgrade assistance, contact an authorized AirLink reseller, Sierra Wireless sales, technical representative, or Sierra Wireless technical support.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "LS300, GX400, GX440, ES440:  ALEOS 4.4.9 The ALEOS 4.4.9 Release Note is available (login required)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ],
          "url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,4,-d-,9-release-notes/"
        },
        {
          "category": "mitigation",
          "details": "GX450, ES450:  ALEOS 4.9.4.p09",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "MP70, MP70E, RV50, RV50X, LX40, LX60:  ALEOS 4.12 The ALEOS 4.12.0 Release Note is available (login required)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ],
          "url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,12,-d-,0-release-notes/"
        },
        {
          "category": "mitigation",
          "details": "Ensure a strong password is set for the user account. For guidance on password strength, Sierra Wireless recommends the \u201cmemorized secret authenticator\u201d guidelines in NIST SP800-63B.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "If ALEOS Application Framework (AAF) is enabled, ensure a strong password is set for the AAF User account.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "If Telnet or SSH is enabled, ensure a strong password is set for the console account.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "When connecting directly to ACEmanager: Use only HTTPS.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "Utilize an up-to-date, modern web browser with built-in CSS and CSRF protection, such as Chrome, Firefox, or Edge.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "The following SNORT rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to a Firepower Management Center or Snort.org.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "Snort Rules: 48600, 48635, 48614 - 48621, 48747",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2018-4063",
      "cwe": {
        "id": "CWE-434",
        "name": "Unrestricted Upload of File with Dangerous Type"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A specially crafted authenticated HTTP request can upload a file, resulting in an executable, routable code upload to the web server.CVE-2018-4063 has been assigned to this vulnerability. A CVSS v3 base score of 9.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4063"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Sierra Wireless recommends users upgrade to the latest version of ALEOS for the products and versions below. For upgrade assistance, contact an authorized AirLink reseller, Sierra Wireless sales, technical representative, or Sierra Wireless technical support.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "LS300, GX400, GX440, ES440:  ALEOS 4.4.9 The ALEOS 4.4.9 Release Note is available (login required)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ],
          "url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,4,-d-,9-release-notes/"
        },
        {
          "category": "mitigation",
          "details": "GX450, ES450:  ALEOS 4.9.4.p09",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "MP70, MP70E, RV50, RV50X, LX40, LX60:  ALEOS 4.12 The ALEOS 4.12.0 Release Note is available (login required)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ],
          "url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,12,-d-,0-release-notes/"
        },
        {
          "category": "mitigation",
          "details": "Ensure a strong password is set for the user account. For guidance on password strength, Sierra Wireless recommends the \u201cmemorized secret authenticator\u201d guidelines in NIST SP800-63B.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "If ALEOS Application Framework (AAF) is enabled, ensure a strong password is set for the AAF User account.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "If Telnet or SSH is enabled, ensure a strong password is set for the console account.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "When connecting directly to ACEmanager: Use only HTTPS.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "Utilize an up-to-date, modern web browser with built-in CSS and CSRF protection, such as Chrome, Firefox, or Edge.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "The following SNORT rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to a Firepower Management Center or Snort.org.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "Snort Rules: 48600, 48635, 48614 - 48621, 48747",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2018-4066",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A specially crafted HTTP ping request can cause reflected JavaScript to be executed and run on the user \u0027s browser. An attacker can exploit this by convincing a user to click a link or embedded URL that redirects to the reflected cross-site scripting vulnerability.CVE-2018-4066 has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4066"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Sierra Wireless recommends users upgrade to the latest version of ALEOS for the products and versions below. For upgrade assistance, contact an authorized AirLink reseller, Sierra Wireless sales, technical representative, or Sierra Wireless technical support.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "LS300, GX400, GX440, ES440:  ALEOS 4.4.9 The ALEOS 4.4.9 Release Note is available (login required)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ],
          "url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,4,-d-,9-release-notes/"
        },
        {
          "category": "mitigation",
          "details": "GX450, ES450:  ALEOS 4.9.4.p09",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "MP70, MP70E, RV50, RV50X, LX40, LX60:  ALEOS 4.12 The ALEOS 4.12.0 Release Note is available (login required)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ],
          "url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,12,-d-,0-release-notes/"
        },
        {
          "category": "mitigation",
          "details": "Ensure a strong password is set for the user account. For guidance on password strength, Sierra Wireless recommends the \u201cmemorized secret authenticator\u201d guidelines in NIST SP800-63B.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "If ALEOS Application Framework (AAF) is enabled, ensure a strong password is set for the AAF User account.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "If Telnet or SSH is enabled, ensure a strong password is set for the console account.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "When connecting directly to ACEmanager: Use only HTTPS.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "Utilize an up-to-date, modern web browser with built-in CSS and CSRF protection, such as Chrome, Firefox, or Edge.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "The following SNORT rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to a Firepower Management Center or Snort.org.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "Snort Rules: 48600, 48635, 48614 - 48621, 48747",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2018-4067",
      "cwe": {
        "id": "CWE-352",
        "name": "Cross-Site Request Forgery (CSRF)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A specially crafted HTTP request can cause an authenticated user to perform privileged requests unknowingly, resulting in unauthenticated requests through an authenticated user. Triggering this vulnerability may allow an attacker access to authenticated pages via an authenticated user.CVE-2018-4067 has been assigned to this vulnerability. A CVSS v3 base score of 4.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4067"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Sierra Wireless recommends users upgrade to the latest version of ALEOS for the products and versions below. For upgrade assistance, contact an authorized AirLink reseller, Sierra Wireless sales, technical representative, or Sierra Wireless technical support.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "LS300, GX400, GX440, ES440:  ALEOS 4.4.9 The ALEOS 4.4.9 Release Note is available (login required)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ],
          "url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,4,-d-,9-release-notes/"
        },
        {
          "category": "mitigation",
          "details": "GX450, ES450:  ALEOS 4.9.4.p09",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "MP70, MP70E, RV50, RV50X, LX40, LX60:  ALEOS 4.12 The ALEOS 4.12.0 Release Note is available (login required)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ],
          "url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,12,-d-,0-release-notes/"
        },
        {
          "category": "mitigation",
          "details": "Ensure a strong password is set for the user account. For guidance on password strength, Sierra Wireless recommends the \u201cmemorized secret authenticator\u201d guidelines in NIST SP800-63B.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "If ALEOS Application Framework (AAF) is enabled, ensure a strong password is set for the AAF User account.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "If Telnet or SSH is enabled, ensure a strong password is set for the console account.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "When connecting directly to ACEmanager: Use only HTTPS.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "Utilize an up-to-date, modern web browser with built-in CSS and CSRF protection, such as Chrome, Firefox, or Edge.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "The following SNORT rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to a Firepower Management Center or Snort.org.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "Snort Rules: 48600, 48635, 48614 - 48621, 48747",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2018-4069",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A specially crafted authenticated HTTP request can cause an information leak, resulting in the disclosure of internal file paths.CVE-2018-4069 has been assigned to this vulnerability. A CVSS v3 base score of 5.9 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4069"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Sierra Wireless recommends users upgrade to the latest version of ALEOS for the products and versions below. For upgrade assistance, contact an authorized AirLink reseller, Sierra Wireless sales, technical representative, or Sierra Wireless technical support.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "LS300, GX400, GX440, ES440:  ALEOS 4.4.9 The ALEOS 4.4.9 Release Note is available (login required)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ],
          "url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,4,-d-,9-release-notes/"
        },
        {
          "category": "mitigation",
          "details": "GX450, ES450:  ALEOS 4.9.4.p09",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "MP70, MP70E, RV50, RV50X, LX40, LX60:  ALEOS 4.12 The ALEOS 4.12.0 Release Note is available (login required)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ],
          "url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,12,-d-,0-release-notes/"
        },
        {
          "category": "mitigation",
          "details": "Ensure a strong password is set for the user account. For guidance on password strength, Sierra Wireless recommends the \u201cmemorized secret authenticator\u201d guidelines in NIST SP800-63B.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "If ALEOS Application Framework (AAF) is enabled, ensure a strong password is set for the AAF User account.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "If Telnet or SSH is enabled, ensure a strong password is set for the console account.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "When connecting directly to ACEmanager: Use only HTTPS.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "Utilize an up-to-date, modern web browser with built-in CSS and CSRF protection, such as Chrome, Firefox, or Edge.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "The following SNORT rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to a Firepower Management Center or Snort.org.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "mitigation",
          "details": "Snort Rules: 48600, 48635, 48614 - 48621, 48747",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003"
          ]
        }
      ]
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-4069 (GCVE-0-2018-4069)

CNVD-2019-13242

VAR-201905-0858

GHSA-22GR-GPPH-J2C5

GSD-2018-4069

FKIE_CVE-2018-4069

ICSA-19-122-03

Tags

Sightings

Nomenclature