var-201604-0316
Vulnerability from variot
ACEmanager in Sierra Wireless ALEOS 4.4.2 and earlier on ES440, ES450, GX400, GX440, GX450, and LS300 devices allows remote attackers to read the filteredlogs.txt file, and consequently discover potentially sensitive boot-sequence information, via unspecified vectors. Supplementary information : CWE Vulnerability type by CWE-538: File and Directory Information Exposure ( Leakage of file and directory information ) Has been identified. https://cwe.mitre.org/data/definitions/538.htmlBy a third party filteredlogs.txt The file can be read and as a result, important boot sequence information can be obtained. The SierraWirelessALEOSonES440, ES450, GX400, GX440, GX450 and LS300 are a suite of application frameworks running on the ES440, ES450, GX400, GX440, GX450 and LS300 Smart Gateway devices. A security vulnerability exists in ACEmanager in Sierra Wireless ALEOS 4.4.2 and earlier on several Sierra Wireless devices. The following products are affected: Sierra Wireless ES440, ES450, GX400, GX440, GX450, LS300
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201604-0316",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "aleos",
"scope": "lte",
"trust": 1.0,
"vendor": "sierrawireless",
"version": "4.4.2"
},
{
"model": "airlink es440",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "airlink es450",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "airlink gx400",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "airlink gx440",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "airlink gx450",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "airlink ls300",
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": "aleos",
"scope": "lte",
"trust": 0.8,
"vendor": "sierra",
"version": "4.4.2"
},
{
"model": "wireless aleos",
"scope": "lte",
"trust": 0.6,
"vendor": "sierra",
"version": "\u003c=4.4.2"
},
{
"model": "wireless es440",
"scope": null,
"trust": 0.6,
"vendor": "sierra",
"version": null
},
{
"model": "wireless es450",
"scope": null,
"trust": 0.6,
"vendor": "sierra",
"version": null
},
{
"model": "wireless gx400",
"scope": null,
"trust": 0.6,
"vendor": "sierra",
"version": null
},
{
"model": "wireless gx440",
"scope": null,
"trust": 0.6,
"vendor": "sierra",
"version": null
},
{
"model": "wireless gx450",
"scope": null,
"trust": 0.6,
"vendor": "sierra",
"version": null
},
{
"model": "wireless ls300",
"scope": null,
"trust": 0.6,
"vendor": "sierra",
"version": null
},
{
"model": "aleos",
"scope": "eq",
"trust": 0.6,
"vendor": "sierra",
"version": "4.4.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02641"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007103"
},
{
"db": "NVD",
"id": "CVE-2015-6479"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-510"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.4.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:es440:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:es450:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:gx400:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:gx440:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:gx450:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:ls300:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6479"
}
]
},
"cve": "CVE-2015-6479",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-6479",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2016-02641",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-84440",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2015-6479",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-6479",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2016-02641",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201604-510",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-84440",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02641"
},
{
"db": "VULHUB",
"id": "VHN-84440"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007103"
},
{
"db": "NVD",
"id": "CVE-2015-6479"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-510"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ACEmanager in Sierra Wireless ALEOS 4.4.2 and earlier on ES440, ES450, GX400, GX440, GX450, and LS300 devices allows remote attackers to read the filteredlogs.txt file, and consequently discover potentially sensitive boot-sequence information, via unspecified vectors. Supplementary information : CWE Vulnerability type by CWE-538: File and Directory Information Exposure ( Leakage of file and directory information ) Has been identified. https://cwe.mitre.org/data/definitions/538.htmlBy a third party filteredlogs.txt The file can be read and as a result, important boot sequence information can be obtained. The SierraWirelessALEOSonES440, ES450, GX400, GX440, GX450 and LS300 are a suite of application frameworks running on the ES440, ES450, GX400, GX440, GX450 and LS300 Smart Gateway devices. A security vulnerability exists in ACEmanager in Sierra Wireless ALEOS 4.4.2 and earlier on several Sierra Wireless devices. The following products are affected: Sierra Wireless ES440, ES450, GX400, GX440, GX450, LS300",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6479"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007103"
},
{
"db": "CNVD",
"id": "CNVD-2016-02641"
},
{
"db": "VULHUB",
"id": "VHN-84440"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-16-105-01",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2015-6479",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007103",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201604-510",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-02641",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-84440",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02641"
},
{
"db": "VULHUB",
"id": "VHN-84440"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007103"
},
{
"db": "NVD",
"id": "CVE-2015-6479"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-510"
}
]
},
"id": "VAR-201604-0316",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02641"
},
{
"db": "VULHUB",
"id": "VHN-84440"
}
],
"trust": 1.6642857142857141
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02641"
}
]
},
"last_update_date": "2023-12-18T12:51:32.404000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ALEOS Application Framework",
"trust": 0.8,
"url": "http://source.sierrawireless.com/resources/airlink/aleos_af/aleos_af_home/"
},
{
"title": "Source",
"trust": 0.8,
"url": "http://source.sierrawireless.com/"
},
{
"title": "Patches for multiple SierraWireless devices ALEOS sensitive information disclosure vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/74832"
},
{
"title": "Multiple Sierra Wireless device ALEOS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=61199"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02641"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007103"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-510"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007103"
},
{
"db": "NVD",
"id": "CVE-2015-6479"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-105-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6479"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6479"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02641"
},
{
"db": "VULHUB",
"id": "VHN-84440"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007103"
},
{
"db": "NVD",
"id": "CVE-2015-6479"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-510"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-02641"
},
{
"db": "VULHUB",
"id": "VHN-84440"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007103"
},
{
"db": "NVD",
"id": "CVE-2015-6479"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-510"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-02641"
},
{
"date": "2016-04-21T00:00:00",
"db": "VULHUB",
"id": "VHN-84440"
},
{
"date": "2016-04-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007103"
},
{
"date": "2016-04-21T10:59:01.537000",
"db": "NVD",
"id": "CVE-2015-6479"
},
{
"date": "2016-04-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-510"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-02641"
},
{
"date": "2016-05-18T00:00:00",
"db": "VULHUB",
"id": "VHN-84440"
},
{
"date": "2016-04-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007103"
},
{
"date": "2021-06-17T17:42:09.983000",
"db": "NVD",
"id": "CVE-2015-6479"
},
{
"date": "2016-04-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-510"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-510"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Run on multiple devices Sierra Wireless ALEOS of ACEmanager In filteredlogs.txt File read vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007103"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-510"
}
],
"trust": 0.6
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.