CVE-2018-4069
Sierra Wireless AirLink ES450 ACEManager Information Exposure
Severity Score
7.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An information disclosure vulnerability exists in the ACEManager authentication functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The ACEManager authentication functionality is done in plaintext XML to the web server. An attacker can listen to network traffic upstream from the device to capitalize on this vulnerability.
Existe una vulnerabilidad de divulgación de información en la funcionalidad de autenticación ACEManager de Sierra Wireless AirLink ES450 FW 4.9.3. La funcionalidad de autenticación de ACEManager se realiza en texto plano XML al servidor web. Un atacante puede escuchar el tráfico de la red desde el dispositivo para aprovechar esta vulnerabilidad.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-01-02 CVE Reserved
- 2019-04-27 CVE Published
- 2024-04-29 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/152654/Sierra-Wireless-AirLink-ES450-ACEManager-Information-Exposure.html | X_refsource_misc |
|
| http://www.securityfocus.com/bid/108147 | Vdb Entry | |
| https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03 | X_refsource_misc |
| URL | Date | SRC |
|---|---|---|
| https://talosintelligence.com/vulnerability_reports/TALOS-2018-0754 | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sierrawireless Search vendor "Sierrawireless" | Airlink Es450 Firmware Search vendor "Sierrawireless" for product "Airlink Es450 Firmware" | 4.9.3 Search vendor "Sierrawireless" for product "Airlink Es450 Firmware" and version "4.9.3" | - |
Affected
| in | Sierrawireless Search vendor "Sierrawireless" | Airlink Es450 Search vendor "Sierrawireless" for product "Airlink Es450" | - | - |
Safe
|