var-201508-0602
Vulnerability from variot

Sierra Wireless ALEOS before 4.4.2 on AirLink ES, GX, and LS devices has hardcoded root accounts, which makes it easier for remote attackers to obtain administrative access via a (1) SSH or (2) TELNET session. ALEOS, the management software running on Sierra Wireless AirLink gateway devices, has a problem with hard-coded credentials. In ALEOS version 4.3.4 and earlier, these root-privileged accounts are enabled by default and are accessible via telnet or ssh. In ALEOS versions 4.3.5 through 4.4.1, the hard-coded accounts are enabled by default, but remote access is disabled. CWE-259: Use of Hard-coded Password https://cwe.mitre.org/data/definitions/259.html A remote attacker could manipulate the affected device. Sierra Wireless ALEOS is prone to multiple privilege-escalation vulnerabilities. A remote attacker could exploit this vulnerability via an SSH or TELNET session to gain administrator access. The following devices are affected: AirLink ES, GX, LS.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201508-0602",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "aleos",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "sierrawireless",
        "version": "4.4.1"
      },
      {
        "model": "airlink es440",
        "scope": null,
        "trust": 0.8,
        "vendor": "sierra",
        "version": null
      },
      {
        "model": "airlink es450",
        "scope": null,
        "trust": 0.8,
        "vendor": "sierra",
        "version": null
      },
      {
        "model": "airlink gx400",
        "scope": null,
        "trust": 0.8,
        "vendor": "sierra",
        "version": null
      },
      {
        "model": "airlink gx440",
        "scope": null,
        "trust": 0.8,
        "vendor": "sierra",
        "version": null
      },
      {
        "model": "airlink gx450",
        "scope": null,
        "trust": 0.8,
        "vendor": "sierra",
        "version": null
      },
      {
        "model": "airlink ls300",
        "scope": null,
        "trust": 0.8,
        "vendor": "sierra",
        "version": null
      },
      {
        "model": "aleos",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "sierra",
        "version": "4.4.1"
      },
      {
        "model": "aleos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sierrawireless",
        "version": "4.4.1"
      },
      {
        "model": "wireless aleos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sierra",
        "version": "4.4.1"
      },
      {
        "model": "wireless aleos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sierra",
        "version": "4.3.5"
      },
      {
        "model": "wireless aleos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sierra",
        "version": "4.3.4"
      },
      {
        "model": "wireless airlink ls",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sierra",
        "version": "0"
      },
      {
        "model": "wireless airlink gx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sierra",
        "version": "0"
      },
      {
        "model": "wireless airlink es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sierra",
        "version": "0"
      },
      {
        "model": "wireless aleos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sierra",
        "version": "4.4.2"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "76264"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004031"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201508-047"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2897"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:sierrawireless:aleos:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.4.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sierrawireless:airlink_es450:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:sierrawireless:airlink_gx450:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:sierrawireless:airlink_es440:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:sierrawireless:airlink_gx440:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:sierrawireless:airlink_ls300:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-2897"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "anonymous",
    "sources": [
      {
        "db": "BID",
        "id": "76264"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-2897",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2015-2897",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-80858",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-2897",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201508-047",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-80858",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80858"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004031"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201508-047"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2897"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sierra Wireless ALEOS before 4.4.2 on AirLink ES, GX, and LS devices has hardcoded root accounts, which makes it easier for remote attackers to obtain administrative access via a (1) SSH or (2) TELNET session. Sierra Wireless Provided by AirLink Management software running on the gateway device ALEOS Has a problem with hard-coded credentials. ALEOS version 4.3.4 And earlier, these root Authorized accounts are enabled by default, telnet Or ssh It is accessible at. ALEOS version 4.3.5 From 4.4.1 By default, hard-coded accounts are enabled, but remote access is disabled. CWE-259: Use of Hard-coded Password https://cwe.mitre.org/data/definitions/259.htmlA remote attacker could manipulate the affected device. Sierra Wireless ALEOS is prone to multiple privilege-escalation vulnerabilities. A remote attacker could exploit this vulnerability via an SSH or TELNET session to gain administrator access. The following devices are affected: AirLink ES, GX, LS",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-2897"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004031"
      },
      {
        "db": "BID",
        "id": "76264"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80858"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#628568",
        "trust": 2.8
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2897",
        "trust": 2.8
      },
      {
        "db": "JVN",
        "id": "JVNVU95544994",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004031",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201508-047",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "76264",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-80858",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80858"
      },
      {
        "db": "BID",
        "id": "76264"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004031"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201508-047"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2897"
      }
    ]
  },
  "id": "VAR-201508-0602",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80858"
      }
    ],
    "trust": 0.89166665
  },
  "last_update_date": "2024-04-19T22:52:23.652000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "ALEOS Application Framework",
        "trust": 0.8,
        "url": "http://source.sierrawireless.com/resources/airlink/aleos_af/aleos_af_home/"
      },
      {
        "title": "ALEOS 4.4.2 Release Notes",
        "trust": 0.8,
        "url": "http://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,4,-d-,2-release-notes/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004031"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80858"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004031"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2897"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "http://www.kb.cert.org/vuls/id/628568"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2897"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu95544994"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2897"
      },
      {
        "trust": 0.3,
        "url": "http://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,4,-d-,2-release-notes/"
      },
      {
        "trust": 0.3,
        "url": "http://source.sierrawireless.com/resources/airlink/aleos_af/aleos_af_home/"
      },
      {
        "trust": 0.3,
        "url": "http://www.sierrawireless.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80858"
      },
      {
        "db": "BID",
        "id": "76264"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004031"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201508-047"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2897"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-80858"
      },
      {
        "db": "BID",
        "id": "76264"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004031"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201508-047"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2897"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-08-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-80858"
      },
      {
        "date": "2015-08-07T00:00:00",
        "db": "BID",
        "id": "76264"
      },
      {
        "date": "2015-08-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-004031"
      },
      {
        "date": "2015-08-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201508-047"
      },
      {
        "date": "2015-08-08T01:59:00.113000",
        "db": "NVD",
        "id": "CVE-2015-2897"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-08-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-80858"
      },
      {
        "date": "2015-08-07T00:00:00",
        "db": "BID",
        "id": "76264"
      },
      {
        "date": "2015-08-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-004031"
      },
      {
        "date": "2015-08-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201508-047"
      },
      {
        "date": "2015-08-11T18:10:12.353000",
        "db": "NVD",
        "id": "CVE-2015-2897"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201508-047"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ALEOS Use  Sierra Wireless Multiple devices use hard-coded passwords",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004031"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201508-047"
      }
    ],
    "trust": 0.6
  }
}


