VAR-201905-0856
Vulnerability from variot - Updated: 2023-12-18 12:17An exploitable information disclosure vulnerability exists in the ACEManager template_load.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a information leak, resulting in the disclosure of internal paths and files. An attacker can make an authenticated HTTP request to trigger this vulnerability. The SierraWirelessAirLinkES450 is a cellular network modem device from Sierra Wireless, Canada. The vulnerability stems from errors in the configuration of the network system or product during operation. An unauthorized attacker can exploit the vulnerability to obtain sensitive information about the affected component. A command-injection vulnerability 2. A security-bypass vulnerability 3. A remote code-execution vulnerability 4. An cross-site scripting vulnerability 5. A cross-site request-forgery vulnerability 6. Multiple information disclosure vulnerabilities An attacker may leverage these issues to execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, perform certain administrative actions and gain unauthorized access to the affected application, execute arbitrary code, execute arbitrary commands with system-level privileges, This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0856",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "airlink es450",
"scope": "eq",
"trust": 1.0,
"vendor": "sierrawireless",
"version": "4.9.3"
},
{
"model": "airlink es450",
"scope": "eq",
"trust": 0.8,
"vendor": "sierra",
"version": "fw 4.9.3"
},
{
"model": "wireless airlink es450",
"scope": "eq",
"trust": 0.6,
"vendor": "sierra",
"version": "4.9.3"
},
{
"model": "wireless airlink rv50x aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.11.2"
},
{
"model": "wireless airlink rv50 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.11.2"
},
{
"model": "wireless airlink mp70e aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.11.2"
},
{
"model": "wireless airlink mp70 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.11.2"
},
{
"model": "wireless airlink lx60 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.10"
},
{
"model": "wireless airlink lx40 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.11.1"
},
{
"model": "wireless airlink ls300 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.4.8"
},
{
"model": "wireless airlink gx450 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.9.3"
},
{
"model": "wireless airlink gx440 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.4.8"
},
{
"model": "wireless airlink gx400 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.4.8"
},
{
"model": "wireless airlink es450 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.9.3"
},
{
"model": "wireless airlink es440 aleos",
"scope": "eq",
"trust": 0.3,
"vendor": "sierra",
"version": "4.4.8"
},
{
"model": "wireless airlink gx450 aleos 4.9.4.p09",
"scope": "ne",
"trust": 0.3,
"vendor": "sierra",
"version": null
},
{
"model": "wireless airlink gx450 aleos",
"scope": "ne",
"trust": 0.3,
"vendor": "sierra",
"version": "4.9.4"
},
{
"model": "wireless airlink es450 aleos 4.9.4.p09",
"scope": "ne",
"trust": 0.3,
"vendor": "sierra",
"version": null
},
{
"model": "wireless airlink es450 aleos",
"scope": "ne",
"trust": 0.3,
"vendor": "sierra",
"version": "4.9.4"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13397"
},
{
"db": "BID",
"id": "108147"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015386"
},
{
"db": "NVD",
"id": "CVE-2018-4067"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sierrawireless:airlink_es450_firmware:4.9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sierrawireless:airlink_es450:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-4067"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Carl Hurd and Jared Rittle of Cisco Talos.,Carl Hurd and Jared Rittle of Cisco Talos reported these vulnerabilities to Sierra Wireless,Carl Hurd and Jared Rittle of Cisco Talos reported these vulnerabilities to Sierra Wireless.,Discovered by Carl Hurd and Jared Rittle of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-1173"
}
],
"trust": 0.6
},
"cve": "CVE-2018-4067",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-4067",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2019-13397",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-134098",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-4067",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-4067",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-13397",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201904-1173",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-134098",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13397"
},
{
"db": "VULHUB",
"id": "VHN-134098"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015386"
},
{
"db": "NVD",
"id": "CVE-2018-4067"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1173"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable information disclosure vulnerability exists in the ACEManager template_load.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a information leak, resulting in the disclosure of internal paths and files. An attacker can make an authenticated HTTP request to trigger this vulnerability. The SierraWirelessAirLinkES450 is a cellular network modem device from Sierra Wireless, Canada. The vulnerability stems from errors in the configuration of the network system or product during operation. An unauthorized attacker can exploit the vulnerability to obtain sensitive information about the affected component. A command-injection vulnerability\n2. A security-bypass vulnerability\n3. A remote code-execution vulnerability\n4. An cross-site scripting vulnerability\n5. A cross-site request-forgery vulnerability\n6. Multiple information disclosure vulnerabilities\nAn attacker may leverage these issues to execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, perform certain administrative actions and gain unauthorized access to the affected application, execute arbitrary code, execute arbitrary commands with system-level privileges, This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-4067"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015386"
},
{
"db": "CNVD",
"id": "CNVD-2019-13397"
},
{
"db": "BID",
"id": "108147"
},
{
"db": "VULHUB",
"id": "VHN-134098"
}
],
"trust": 2.52
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-134098",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134098"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "TALOS",
"id": "TALOS-2018-0752",
"trust": 3.4
},
{
"db": "NVD",
"id": "CVE-2018-4067",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-19-122-03",
"trust": 2.8
},
{
"db": "BID",
"id": "108147",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "152652",
"trust": 1.7
},
{
"db": "TALOS",
"id": "TALOS-2018-0746",
"trust": 0.9
},
{
"db": "TALOS",
"id": "TALOS-2018-0748",
"trust": 0.9
},
{
"db": "TALOS",
"id": "TALOS-2018-0754",
"trust": 0.9
},
{
"db": "TALOS",
"id": "TALOS-2018-0747",
"trust": 0.9
},
{
"db": "TALOS",
"id": "TALOS-2018-0750",
"trust": 0.9
},
{
"db": "TALOS",
"id": "TALOS-2018-0751",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015386",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1173",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-13397",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "47364",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1530.2",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-134098",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13397"
},
{
"db": "VULHUB",
"id": "VHN-134098"
},
{
"db": "BID",
"id": "108147"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015386"
},
{
"db": "NVD",
"id": "CVE-2018-4067"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1173"
}
]
},
"id": "VAR-201905-0856",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13397"
},
{
"db": "VULHUB",
"id": "VHN-134098"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13397"
}
]
},
"last_update_date": "2023-12-18T12:17:59.099000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AirLink ES450: LTE Enterprise Gateway",
"trust": 0.8,
"url": "https://www.sierrawireless.com/products-and-solutions/routers-gateways/es450/"
},
{
"title": "Patch for SierraWirelessAirLinkES450 Information Disclosure Vulnerability (CNVD-2019-13397)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/160539"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13397"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015386"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134098"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015386"
},
{
"db": "NVD",
"id": "CVE-2018-4067"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-122-03"
},
{
"trust": 2.5,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2018-0752"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/108147"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/152652/sierra-wireless-airlink-es450-acemanager-template_load.cgi-information-disclosure.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4067"
},
{
"trust": 1.2,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2018-0752"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/es440-firmware/es440-firmware-list/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/es450/es450-firmware-package-list/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/gx400-firmware/gx400-firmware-list/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/gx450/gx450-firmware-list/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/ls300-firmware/ls300-firmware-list/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/mp70/mp70-firmware-list/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_downloads/rv50/rv50-firmware-list/"
},
{
"trust": 0.9,
"url": "https://www.sierrawireless.com/"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/sierra-wireless-technical-bulletin---swi-psa-2019-003/"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0751"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0754"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0746"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0750"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0752"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0748"
},
{
"trust": 0.9,
"url": "https://www.talosintelligence.com/reports/talos-2018-0747"
},
{
"trust": 0.9,
"url": "https://source.sierrawireless.com/~/media/support_downloads/airlink/docs/technical%20bulletin/swi-psa-2019-003%20-%20talos%20cves%20-%2030apr2019.ashx?la=en"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4067"
},
{
"trust": 0.6,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4-d-9-d-4-release-notes/"
},
{
"trust": 0.6,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4-d-4-d-8-release-notes/"
},
{
"trust": 0.6,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4-d-11-d-2-release-notes/"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-122-03"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.1530.2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/80158"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47364"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/152652/sierra-wireless-airlink-es450-acemanager-template/load.cgi-information-disclosure.html"
},
{
"trust": 0.3,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,11,-d-,2-release-notes/"
},
{
"trust": 0.3,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,4,-d-,8-release-notes/"
},
{
"trust": 0.3,
"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,9,-d-,4-release-notes/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-13397"
},
{
"db": "VULHUB",
"id": "VHN-134098"
},
{
"db": "BID",
"id": "108147"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015386"
},
{
"db": "NVD",
"id": "CVE-2018-4067"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1173"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-13397"
},
{
"db": "VULHUB",
"id": "VHN-134098"
},
{
"db": "BID",
"id": "108147"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015386"
},
{
"db": "NVD",
"id": "CVE-2018-4067"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-1173"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-13397"
},
{
"date": "2019-05-06T00:00:00",
"db": "VULHUB",
"id": "VHN-134098"
},
{
"date": "2019-04-25T00:00:00",
"db": "BID",
"id": "108147"
},
{
"date": "2019-05-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015386"
},
{
"date": "2019-05-06T19:29:00.840000",
"db": "NVD",
"id": "CVE-2018-4067"
},
{
"date": "2019-04-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-1173"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-13397"
},
{
"date": "2019-05-07T00:00:00",
"db": "VULHUB",
"id": "VHN-134098"
},
{
"date": "2019-04-25T00:00:00",
"db": "BID",
"id": "108147"
},
{
"date": "2019-05-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015386"
},
{
"date": "2019-05-07T20:29:01.563000",
"db": "NVD",
"id": "CVE-2018-4067"
},
{
"date": "2020-08-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-1173"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-1173"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sierra Wireless AirLink ES450 FW Vulnerable to information disclosure",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015386"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-1173"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…