CVE-2018-4072
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The EmbeddedAceSet_Task.cgi executable is used to change MSCII configuration values within the configuration manager of the AirLink ES450. This binary does not have any restricted configuration settings, so once the MSCIID is discovered, any authenticated user can send configuration changes using the /cgi-bin/Embedded_Ace_Set_Task.cgi endpoint.
Existe una vulnerabilidad explotable de Asignación de Permisos en la funcionalidad de ACEManager EmbeddedAceSet_Task.cgi de Sierra Wireless AirLink ES450 FW 4.9.3. El ejecutable EmbeddedAceSet_Task.cgi se utiliza para cambiar los valores de configuración MSCII dentro del gestor de configuración del AirLink ES450. Este binario no tiene ninguna configuración restringida, por lo que una vez que se descubre el MSCIID, cualquier usuario autenticado puede enviar cambios de configuración utilizando el endpoint /cgi-bin/Embedded_Ace_Set_Task.cgi.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-01-02 CVE Reserved
- 2019-05-06 CVE Published
- 2023-11-30 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-732: Incorrect Permission Assignment for Critical Resource
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0756 | 2024-08-05 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Sierrawireless Search vendor "Sierrawireless" | Airlink Es450 Firmware Search vendor "Sierrawireless" for product "Airlink Es450 Firmware" | 4.9.3 Search vendor "Sierrawireless" for product "Airlink Es450 Firmware" and version "4.9.3" | - |
Affected
| in | Sierrawireless Search vendor "Sierrawireless" | Airlink Es450 Search vendor "Sierrawireless" for product "Airlink Es450" | - | - |
Safe
|