Details of VAR-201604-0316

ID

VAR-201604-0316

CVE

CVE-2015-6479

TITLE

Run on multiple devices Sierra Wireless ALEOS of ACEmanager In filteredlogs.txt File read vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-007103

DESCRIPTION

ACEmanager in Sierra Wireless ALEOS 4.4.2 and earlier on ES440, ES450, GX400, GX440, GX450, and LS300 devices allows remote attackers to read the filteredlogs.txt file, and consequently discover potentially sensitive boot-sequence information, via unspecified vectors. Supplementary information : CWE Vulnerability type by CWE-538: File and Directory Information Exposure ( Leakage of file and directory information ) Has been identified. https://cwe.mitre.org/data/definitions/538.htmlBy a third party filteredlogs.txt The file can be read and as a result, important boot sequence information can be obtained. The SierraWirelessALEOSonES440, ES450, GX400, GX440, GX450 and LS300 are a suite of application frameworks running on the ES440, ES450, GX400, GX440, GX450 and LS300 Smart Gateway devices. A security vulnerability exists in ACEmanager in Sierra Wireless ALEOS 4.4.2 and earlier on several Sierra Wireless devices. The following products are affected: Sierra Wireless ES440, ES450, GX400, GX440, GX450, LS300

Trust: 2.25

sources: NVD: CVE-2015-6479 // JVNDB: JVNDB-2015-007103 // CNVD: CNVD-2016-02641 // VULHUB: VHN-84440

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-02641

AFFECTED PRODUCTS

vendor:	sierrawireless	model:	aleos	scope:	lte	version:	4.4.2	Trust: 1.0
vendor:	sierra	model:	airlink es440	scope:	-	version:	-	Trust: 0.8
vendor:	sierra	model:	airlink es450	scope:	-	version:	-	Trust: 0.8
vendor:	sierra	model:	airlink gx400	scope:	-	version:	-	Trust: 0.8
vendor:	sierra	model:	airlink gx440	scope:	-	version:	-	Trust: 0.8
vendor:	sierra	model:	airlink gx450	scope:	-	version:	-	Trust: 0.8
vendor:	sierra	model:	airlink ls300	scope:	-	version:	-	Trust: 0.8
vendor:	sierra	model:	aleos	scope:	lte	version:	4.4.2	Trust: 0.8
vendor:	sierra	model:	wireless aleos	scope:	lte	version:	<=4.4.2	Trust: 0.6
vendor:	sierra	model:	wireless es440	scope:	-	version:	-	Trust: 0.6
vendor:	sierra	model:	wireless es450	scope:	-	version:	-	Trust: 0.6
vendor:	sierra	model:	wireless gx400	scope:	-	version:	-	Trust: 0.6
vendor:	sierra	model:	wireless gx440	scope:	-	version:	-	Trust: 0.6
vendor:	sierra	model:	wireless gx450	scope:	-	version:	-	Trust: 0.6
vendor:	sierra	model:	wireless ls300	scope:	-	version:	-	Trust: 0.6
vendor:	sierra	model:	aleos	scope:	eq	version:	4.4.2	Trust: 0.6

sources: CNVD: CNVD-2016-02641 // JVNDB: JVNDB-2015-007103 // CNNVD: CNNVD-201604-510 // NVD: CVE-2015-6479

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-6479
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-6479
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2016-02641
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201604-510
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-84440
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-6479
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2016-02641
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-84440
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2015-6479
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2015-6479
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2016-02641 // VULHUB: VHN-84440 // JVNDB: JVNDB-2015-007103 // CNNVD: CNNVD-201604-510 // NVD: CVE-2015-6479

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2015-007103 // NVD: CVE-2015-6479

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201604-510

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201604-510

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-007103

PATCH

title:	ALEOS Application Framework	url:	http://source.sierrawireless.com/resources/airlink/aleos_af/aleos_af_home/	Trust: 0.8
title:	Source	url:	http://source.sierrawireless.com/	Trust: 0.8
title:	Patches for multiple SierraWireless devices ALEOS sensitive information disclosure vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/74832	Trust: 0.6
title:	Multiple Sierra Wireless device ALEOS Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61199	Trust: 0.6

sources: CNVD: CNVD-2016-02641 // JVNDB: JVNDB-2015-007103 // CNNVD: CNNVD-201604-510

EXTERNAL IDS

db:	ICS CERT	id:	ICSA-16-105-01	Trust: 3.1
db:	NVD	id:	CVE-2015-6479	Trust: 3.1
db:	JVNDB	id:	JVNDB-2015-007103	Trust: 0.8
db:	CNNVD	id:	CNNVD-201604-510	Trust: 0.7
db:	CNVD	id:	CNVD-2016-02641	Trust: 0.6
db:	VULHUB	id:	VHN-84440	Trust: 0.1

sources: CNVD: CNVD-2016-02641 // VULHUB: VHN-84440 // JVNDB: JVNDB-2015-007103 // CNNVD: CNNVD-201604-510 // NVD: CVE-2015-6479

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-16-105-01	Trust: 3.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6479	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6479	Trust: 0.8

sources: CNVD: CNVD-2016-02641 // VULHUB: VHN-84440 // JVNDB: JVNDB-2015-007103 // CNNVD: CNNVD-201604-510 // NVD: CVE-2015-6479

SOURCES

db:	CNVD	id:	CNVD-2016-02641
db:	VULHUB	id:	VHN-84440
db:	JVNDB	id:	JVNDB-2015-007103
db:	CNNVD	id:	CNNVD-201604-510
db:	NVD	id:	CVE-2015-6479

LAST UPDATE DATE

2024-11-23T22:22:45.899000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-02641	date:	2016-04-27T00:00:00
db:	VULHUB	id:	VHN-84440	date:	2016-05-18T00:00:00
db:	JVNDB	id:	JVNDB-2015-007103	date:	2016-04-27T00:00:00
db:	CNNVD	id:	CNNVD-201604-510	date:	2016-04-22T00:00:00
db:	NVD	id:	CVE-2015-6479	date:	2024-11-21T02:35:03.080

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-02641	date:	2016-04-27T00:00:00
db:	VULHUB	id:	VHN-84440	date:	2016-04-21T00:00:00
db:	JVNDB	id:	JVNDB-2015-007103	date:	2016-04-27T00:00:00
db:	CNNVD	id:	CNNVD-201604-510	date:	2016-04-22T00:00:00
db:	NVD	id:	CVE-2015-6479	date:	2016-04-21T10:59:01.537