CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2018-4067 – Sierra Wireless AirLink ES450 ACEManager template_load.cgi Information Disclosure
https://notcve.org/view.php?id=CVE-2018-4067
An exploitable information disclosure vulnerability exists in the ACEManager template_load.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a information leak, resulting in the disclosure of internal paths and files. An attacker can make an authenticated HTTP request to trigger this vulnerability. Existe una vulnerabilidad de divulgación de información explotable en la funcionalidad template_load.cgi de ACEManager de Sierra Wireless AirLink ES450 FW 4.9.3. Una petición HTTP especialmente diseñada puede causar una fuga de información, lo que resulta en la divulgación de rutas y archivos internos. • http://packetstormsecurity.com/files/152652/Sierra-Wireless-AirLink-ES450-ACEManager-template_load.cgi-Information-Disclosure.html http://www.securityfocus.com/bid/108147 https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03 https://talosintelligence.com/vulnerability_reports/TALOS-2018-0752 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 9%CPEs: 2EXPL: 1CVE-2018-4070 – Sierra Wireless AirLink ES450 ACEManager Embedded_Ace_Get_Task.cgi Information Disclosure
https://notcve.org/view.php?id=CVE-2018-4070
An exploitable Information Disclosure vulnerability exists in the ACEManager EmbeddedAceGet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. This binary does not have any restricted configuration settings, so once the MSCIID is discovered, any authenticated user can send configuration changes using the /cgi-bin/Embedded_Ace_Get_Task.cgi endpoint. Existe una vulnerabilidad explotable de divulgación de información en la funcionalidad de ACEManager EmbeddedAceGet_Task.cgi de Sierra Wireless AirLink ES450 FW 4.9.3. Este binario no tiene ninguna configuración restringida, por lo que una vez que se descubre el MSCIID, cualquier usuario autenticado puede enviar cambios de configuración utilizando el endpoint /cgi-bin/Embedded_Ace_Get_Task.cgi. • https://talosintelligence.com/vulnerability_reports/TALOS-2018-0755 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 9%CPEs: 2EXPL: 1CVE-2018-4071 – Sierra Wireless AirLink ES450 ACEManager Embedded_Ace_Get_Task.cgi Information Disclosure
https://notcve.org/view.php?id=CVE-2018-4071
An exploitable Information Disclosure vulnerability exists in the ACEManager EmbeddedAceGet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The EmbeddedAceTLGet_Task.cgi executable is used to retrieve MSCII configuration values within the configuration manager of the AirLink ES450. This binary does not have any restricted configuration settings, so once the MSCIID is discovered, any authenticated user can send configuration changes using the /cgi-bin/Embedded_Ace_TLGet_Task.cgi endpoint. Existe una vulnerabilidad explotable de divulgación de información en la funcionalidad de ACEManager EmbeddedAceGet_Task.cgi de Sierra Wireless AirLink ES450 FW 4.9.3. El ejecutable EmbeddedAceTLGet_Task.cgi se utiliza para recuperar los valores de configuración MSCII dentro del gestor de configuración del AirLink ES450. • https://talosintelligence.com/vulnerability_reports/TALOS-2018-0755 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2018-4068 – Sierra Wireless AirLink ES450 ACEManager Information Disclosure
https://notcve.org/view.php?id=CVE-2018-4068
An exploitable information disclosure vulnerability exists in the ACEManager functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A HTTP request can result in disclosure of the default configuration for the device. An attacker can send an unauthenticated HTTP request to trigger this vulnerability. Se presenta una vulnerabilidad de Divulgación de Información explotable en la funcionalidad ACEManager de Sierra Wireless AirLink ES450 FW versión 4.9.3. Una solicitud HTTP puede dar conllevar a la divulgación de la configuración por defecto para el dispositivo. • https://talosintelligence.com/vulnerability_reports/TALOS-2018-0753 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 42%CPEs: 2EXPL: 1CVE-2018-4066 – Sierra Wireless AirLink ES450 ACEManager Cross Site Request Forgery
https://notcve.org/view.php?id=CVE-2018-4066
An exploitable cross-site request forgery vulnerability exists in the ACEManager functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an authenticated user to perform privileged requests unknowingly, resulting in unauthenticated requests being requested through an authenticated user. An attacker can get an authenticated user to request authenticated pages on the attacker's behalf to trigger this vulnerability. En la funcionalidad del ACEManager de Sierra Wireless AirLink ES450 FW 4.9.3 existe una vulnerabilidad explotable de CSRF. Una solicitud HTTP especialmente diseñada puede hacer que un usuario autenticado realice solicitudes privilegiadas sin saberlo, lo que provoca que se realicen solicitudes no autenticadas a través de un usuario autenticado. • http://packetstormsecurity.com/files/152651/Sierra-Wireless-AirLink-ES450-ACEManager-Cross-Site-Request-Forgery.html http://www.securityfocus.com/bid/108147 https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03 https://talosintelligence.com/vulnerability_reports/TALOS-2018-0751 • CWE-352: Cross-Site Request Forgery (CSRF) •