VAR-201905-0854
Vulnerability from variot - Updated: 2023-12-18 12:17An exploitable cross-site scripting vulnerability exists in the ACEManager ping_result.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP ping request can cause reflected javascript code execution, resulting in the execution of javascript code running on the victim's browser. An attacker can get a victim to click a link, or embedded URL, that redirects to the reflected cross-site scripting vulnerability to trigger this vulnerability. The SierraWirelessAirLinkES450 is a cellular network modem device from Sierra Wireless, Canada. A cross-site scripting vulnerability exists in the ACEManagerping_result.cgi feature in the SierraWirelessAirLinkES450 using firmware version 4.9.3, which stems from the lack of proper validation of client data by web applications. An attacker could exploit the vulnerability to execute client code. A command-injection vulnerability 2. A security-bypass vulnerability 3. A remote code-execution vulnerability 4. An cross-site scripting vulnerability 5. A cross-site request-forgery vulnerability 6. Multiple information disclosure vulnerabilities An attacker may leverage these issues to execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, perform certain administrative actions and gain unauthorized access to the affected application, execute arbitrary code, execute arbitrary commands with system-level privileges, This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0854",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "airlink es450",
"scope": "eq",
"trust": 1.0,
"vendor": "sierrawireless",
"version": "4.9.3"
},
{
"model": "airlink es450",
"scope": "eq",
"trust": 0.8,
"vendor": "sierra",
"version": "fw 4.9.3"
},
{
"model": "wireless airlink es450 fw",
"scope": "eq",
"trust": 0.6,
"vendor": "sierra",
"version": "4.9.3"
},
{
"model": "wireless airlink rv50x aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.11.2"
},
{
"model": "wireless airlink rv50 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.11.2"
},
{
"model": "wireless airlink mp70e aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.11.2"
},
{
"model": "wireless airlink mp70 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.11.2"
},
{
"model": "wireless airlink lx60 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.10"
},
{
"model": "wireless airlink lx40 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.11.1"
},
{
"model": "wireless airlink ls300 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.4.8"
},
{
"model": "wireless airlink gx450 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.9.3"
},
{
"model": "wireless airlink gx440 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.4.8"
},
{
"model": "wireless airlink gx400 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.4.8"
},
{
"model": "wireless airlink es450 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.9.3"
},
{
"model": "wireless airlink es440 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.4.8"
},
{
"model": "wireless airlink gx450 aleos 4.9.4.p09",
"scope": "ne",
"trust": 0.3,
"vendor": "sierra",
"version": null
},
{
"model": "wireless airlink gx450 aleos",
"scope": "ne",
"trust": 0.3,
"vendor": "sierra",
"version": "4.9.4"
},
{
"model": "wireless airlink es450 aleos 4.9.4.p09",
"scope": "ne",
"trust": 0.3,
"vendor": "sierra",
"version": null
},
{
"model": "wireless airlink es450 aleos",
"scope": "ne",
"trust": 0.3,
"vendor": "sierra",
"version": "4.9.4"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14394"
},
{
"db": "BID",
"id": "108147"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015384"
},
{
"db": "NVD",
"id": "CVE-2018-4065"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sierrawireless:airlink_es450_firmware:4.9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:airlink_es450:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-4065"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Carl Hurd and Jared Rittle of Cisco Talos,Discovered by Carl Hurd of Cisco Talos.,Carl Hurd and Jared Rittle of Cisco Talos.,Carl Hurd and Jared Rittle of Cisco Talos reported these vulnerabilities to Sierra Wireless.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-1196"
}
],
"trust": 0.6
},
"cve": "CVE-2018-4065",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-4065",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2019-14394",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-134096",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-4065",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-4065",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-14394",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201904-1196",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-134096",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14394"
},
{
"db": "VULHUB",
"id": "VHN-134096"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015384"
},
{
"db": "NVD",
"id": "CVE-2018-4065"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1196"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable cross-site scripting vulnerability exists in the ACEManager ping_result.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP ping request can cause reflected javascript code execution, resulting in the execution of javascript code running on the victim\u0027s browser. An attacker can get a victim to click a link, or embedded URL, that redirects to the reflected cross-site scripting vulnerability to trigger this vulnerability. The SierraWirelessAirLinkES450 is a cellular network modem device from Sierra Wireless, Canada. A cross-site scripting vulnerability exists in the ACEManagerping_result.cgi feature in the SierraWirelessAirLinkES450 using firmware version 4.9.3, which stems from the lack of proper validation of client data by web applications. An attacker could exploit the vulnerability to execute client code. A command-injection vulnerability\n2. A security-bypass vulnerability\n3. A remote code-execution vulnerability\n4. An cross-site scripting vulnerability\n5. A cross-site request-forgery vulnerability\n6. Multiple information disclosure vulnerabilities\nAn attacker may leverage these issues to execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, perform certain administrative actions and gain unauthorized access to the affected application, execute arbitrary code, execute arbitrary commands with system-level privileges, This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-4065"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015384"
},
{
"db": "CNVD",
"id": "CNVD-2019-14394"
},
{
"db": "BID",
"id": "108147"
},
{
"db": "VULHUB",
"id": "VHN-134096"
}
],
"trust": 2.52
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-134096",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134096"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "TALOS",
"id": "TALOS-2018-0750",
"trust": 3.4
},
{
"db": "NVD",
"id": "CVE-2018-4065",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-19-122-03",
"trust": 2.8
},
{
"db": "BID",
"id": "108147",
"trust": 2.0
},
{
"db": "PACKETSTORM",
"id": "152650",
"trust": 1.7
},
{
"db": "TALOS",
"id": "TALOS-2018-0746",
"trust": 0.9
},
{
"db": "TALOS",
"id": "TALOS-2018-0752",
"trust": 0.9
},
{
"db": "TALOS",
"id": "TALOS-2018-0748",
"trust": 0.9
},
{
"db": "TALOS",
"id": "TALOS-2018-0754",
"trust": 0.9
},
{
"db": "TALOS",
"id": "TALOS-2018-0747",
"trust": 0.9
},
{
"db": "TALOS",
"id": "TALOS-2018-0751",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015384",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1196",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-14394",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "47356",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1530.2",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-134096",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14394"
},
{
"db": "VULHUB",
"id": "VHN-134096"
},
{
"db": "BID",
"id": "108147"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015384"
},
{
"db": "NVD",
"id": "CVE-2018-4065"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1196"
}
]
},
"id": "VAR-201905-0854",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14394"
},
{
"db": "VULHUB",
"id": "VHN-134096"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14394"
}
]
},
"last_update_date": "2023-12-18T12:17:59.218000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AirLink ES450: LTE Enterprise Gateway",
"trust": 0.8,
"url": "https://www.sierrawireless.com/products-and-solutions/routers-gateways/es450/"
},
{
"title": "Patch for SierraWirelessAirLinkES450 Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/161293"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14394"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015384"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134096"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015384"
},
{
"db": "NVD",
"id": "CVE-2018-4065"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-122-03"
},
{
"trust": 2.5,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2018-0750"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/108147"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/152650/sierra-wireless-airlink-es450-acemanager-ping_result.cgi-cross-site-scripting.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4065"
},
{
"trust": 1.2,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2018-0750"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/es440-firmware/es440-firmware-list/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/es450/es450-firmware-package-list/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/gx400-firmware/gx400-firmware-list/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/gx450/gx450-firmware-list/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/ls300-firmware/ls300-firmware-list/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/mp70/mp70-firmware-list/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/rv50/rv50-firmware-list/"
},
{
"trust": 0.9,
"url": "https://www.sierrawireless.com/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/sierra-wireless-technical-bulletin---swi-psa-2019-003/"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0751"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0754"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0746"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0750"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0752"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0748"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0747"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/~/media/support_downloads/airlink/docs/technical%20bulletin/swi-psa-2019-003%20-%20talos%20cves%20-%2030apr2019.ashx?la=en"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4065"
},
{
"trust": 0.6,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4-d-9-d-4-release-notes/"
},
{
"trust": 0.6,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4-d-4-d-8-release-notes/"
},
{
"trust": 0.6,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4-d-11-d-2-release-notes/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47356"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/152650/sierra-wireless-airlink-es450-acemanager-ping/result.cgi-cross-site-scripting.html"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-122-03"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.1530.2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/80158"
},
{
"trust": 0.3,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,11,-d-,2-release-notes/"
},
{
"trust": 0.3,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,4,-d-,8-release-notes/"
},
{
"trust": 0.3,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,9,-d-,4-release-notes/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14394"
},
{
"db": "VULHUB",
"id": "VHN-134096"
},
{
"db": "BID",
"id": "108147"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015384"
},
{
"db": "NVD",
"id": "CVE-2018-4065"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1196"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-14394"
},
{
"db": "VULHUB",
"id": "VHN-134096"
},
{
"db": "BID",
"id": "108147"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015384"
},
{
"db": "NVD",
"id": "CVE-2018-4065"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1196"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-14394"
},
{
"date": "2019-05-06T00:00:00",
"db": "VULHUB",
"id": "VHN-134096"
},
{
"date": "2019-04-25T00:00:00",
"db": "BID",
"id": "108147"
},
{
"date": "2019-05-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015384"
},
{
"date": "2019-05-06T19:29:00.700000",
"db": "NVD",
"id": "CVE-2018-4065"
},
{
"date": "2019-04-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-1196"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-14394"
},
{
"date": "2019-05-07T00:00:00",
"db": "VULHUB",
"id": "VHN-134096"
},
{
"date": "2019-04-25T00:00:00",
"db": "BID",
"id": "108147"
},
{
"date": "2019-05-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015384"
},
{
"date": "2019-05-07T20:29:01.173000",
"db": "NVD",
"id": "CVE-2018-4065"
},
{
"date": "2020-08-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-1196"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-1196"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sierra Wireless AirLink ES450 Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-14394"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1196"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-1196"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…