Details of VAR-201905-0852

ID

VAR-201905-0852

CVE

CVE-2018-4062

TITLE

Sierra Wireless AirLink ES450 Vulnerabilities related to the use of hard-coded credentials in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2018-015405

DESCRIPTION

A hard-coded credentials vulnerability exists in the snmpd function of the Sierra Wireless AirLink ES450 FW 4.9.3. Activating snmpd outside of the WebUI can cause the activation of the hard-coded credentials, resulting in the exposure of a privileged user. An attacker can activate snmpd without any configuration changes to trigger this vulnerability. Sierra Wireless AirLink ES450 The firmware contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. A command-injection vulnerability 2. A security-bypass vulnerability 3. A remote code-execution vulnerability 4. An cross-site scripting vulnerability 5. A cross-site request-forgery vulnerability 6. Multiple information disclosure vulnerabilities An attacker may leverage these issues to execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, perform certain administrative actions and gain unauthorized access to the affected application, execute arbitrary code, execute arbitrary commands with system-level privileges, This may aid in further attacks. This vulnerability stems from the lack of an effective trust management mechanism in network systems or products. Attackers can use default passwords or hard-coded passwords, hard-coded certificates, etc. to attack affected components

Trust: 1.98

sources: NVD: CVE-2018-4062 // JVNDB: JVNDB-2018-015405 // BID: 108147 // VULHUB: VHN-134093

AFFECTED PRODUCTS

vendor:	sierrawireless	model:	airlink es450	scope:	eq	version:	4.9.3	Trust: 1.0
vendor:	sierra	model:	airlink es450	scope:	eq	version:	4.9.3	Trust: 0.8
vendor:	sierra	model:	wireless airlink rv50x aleos	scope:	eq	version:	4.11.2	Trust: 0.3
vendor:	sierra	model:	wireless airlink rv50 aleos	scope:	eq	version:	4.11.2	Trust: 0.3
vendor:	sierra	model:	wireless airlink mp70e aleos	scope:	eq	version:	4.11.2	Trust: 0.3
vendor:	sierra	model:	wireless airlink mp70 aleos	scope:	eq	version:	4.11.2	Trust: 0.3
vendor:	sierra	model:	wireless airlink lx60 aleos	scope:	eq	version:	4.10	Trust: 0.3
vendor:	sierra	model:	wireless airlink lx40 aleos	scope:	eq	version:	4.11.1	Trust: 0.3
vendor:	sierra	model:	wireless airlink ls300 aleos	scope:	eq	version:	4.4.8	Trust: 0.3
vendor:	sierra	model:	wireless airlink gx450 aleos	scope:	eq	version:	4.9.3	Trust: 0.3
vendor:	sierra	model:	wireless airlink gx440 aleos	scope:	eq	version:	4.4.8	Trust: 0.3
vendor:	sierra	model:	wireless airlink gx400 aleos	scope:	eq	version:	4.4.8	Trust: 0.3
vendor:	sierra	model:	wireless airlink es450 aleos	scope:	eq	version:	4.9.3	Trust: 0.3
vendor:	sierra	model:	wireless airlink es440 aleos	scope:	eq	version:	4.4.8	Trust: 0.3
vendor:	sierra	model:	wireless airlink gx450 aleos 4.9.4.p09	scope:	ne	version:	-	Trust: 0.3
vendor:	sierra	model:	wireless airlink gx450 aleos	scope:	ne	version:	4.9.4	Trust: 0.3
vendor:	sierra	model:	wireless airlink es450 aleos 4.9.4.p09	scope:	ne	version:	-	Trust: 0.3
vendor:	sierra	model:	wireless airlink es450 aleos	scope:	ne	version:	4.9.4	Trust: 0.3

sources: BID: 108147 // JVNDB: JVNDB-2018-015405 // NVD: CVE-2018-4062

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-4062
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-4062
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201904-1182
value:	HIGH
Trust: 0.6
VULHUB:	VHN-134093
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-4062
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-134093
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-4062
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-134093 // JVNDB: JVNDB-2018-015405 // CNNVD: CNNVD-201904-1182 // NVD: CVE-2018-4062

PROBLEMTYPE DATA

problemtype:

CWE-798

Trust: 1.9

sources: VULHUB: VHN-134093 // JVNDB: JVNDB-2018-015405 // NVD: CVE-2018-4062

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-1182

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201904-1182

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015405

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-134093

PATCH

title:

AirLink ES450

url:

https://www.sierrawireless.com/products-and-solutions/routers-gateways/es450/

Trust: 0.8

sources: JVNDB: JVNDB-2018-015405

EXTERNAL IDS

db:	NVD	id:	CVE-2018-4062	Trust: 2.8
db:	ICS CERT	id:	ICSA-19-122-03	Trust: 2.8
db:	TALOS	id:	TALOS-2018-0747	Trust: 2.8
db:	BID	id:	108147	Trust: 2.0
db:	PACKETSTORM	id:	152647	Trust: 1.7
db:	TALOS	id:	TALOS-2018-0746	Trust: 0.9
db:	TALOS	id:	TALOS-2018-0752	Trust: 0.9
db:	TALOS	id:	TALOS-2018-0748	Trust: 0.9
db:	TALOS	id:	TALOS-2018-0754	Trust: 0.9
db:	TALOS	id:	TALOS-2018-0750	Trust: 0.9
db:	TALOS	id:	TALOS-2018-0751	Trust: 0.9
db:	JVNDB	id:	JVNDB-2018-015405	Trust: 0.8
db:	CNNVD	id:	CNNVD-201904-1182	Trust: 0.7
db:	NSFOCUS	id:	47365	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.1530.2	Trust: 0.6
db:	VULHUB	id:	VHN-134093	Trust: 0.1

sources: VULHUB: VHN-134093 // BID: 108147 // JVNDB: JVNDB-2018-015405 // CNNVD: CNNVD-201904-1182 // NVD: CVE-2018-4062

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-19-122-03	Trust: 2.8
url:	https://talosintelligence.com/vulnerability_reports/talos-2018-0747	Trust: 2.5
url:	http://www.securityfocus.com/bid/108147	Trust: 2.3
url:	http://packetstormsecurity.com/files/152647/sierra-wireless-airlink-es450-snmpd-hard-coded-credentials.html	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4062	Trust: 1.4
url:	https://source.sierrawireless.com/resources/airlink/software_downloads/es440-firmware/es440-firmware-list/	Trust: 0.9
url:	https://source.sierrawireless.com/resources/airlink/software_downloads/es450/es450-firmware-package-list/	Trust: 0.9
url:	https://source.sierrawireless.com/resources/airlink/software_downloads/gx400-firmware/gx400-firmware-list/	Trust: 0.9
url:	https://source.sierrawireless.com/resources/airlink/software_downloads/gx450/gx450-firmware-list/	Trust: 0.9
url:	https://source.sierrawireless.com/resources/airlink/software_downloads/ls300-firmware/ls300-firmware-list/	Trust: 0.9
url:	https://source.sierrawireless.com/resources/airlink/software_downloads/mp70/mp70-firmware-list/	Trust: 0.9
url:	https://source.sierrawireless.com/resources/airlink/software_downloads/rv50/rv50-firmware-list/	Trust: 0.9
url:	https://www.sierrawireless.com/	Trust: 0.9
url:	https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/sierra-wireless-technical-bulletin---swi-psa-2019-003/	Trust: 0.9
url:	https://www.talosintelligence.com/reports/talos-2018-0751	Trust: 0.9
url:	https://www.talosintelligence.com/reports/talos-2018-0754	Trust: 0.9
url:	https://www.talosintelligence.com/reports/talos-2018-0746	Trust: 0.9
url:	https://www.talosintelligence.com/reports/talos-2018-0750	Trust: 0.9
url:	https://www.talosintelligence.com/reports/talos-2018-0752	Trust: 0.9
url:	https://www.talosintelligence.com/reports/talos-2018-0748	Trust: 0.9
url:	https://www.talosintelligence.com/reports/talos-2018-0747	Trust: 0.9
url:	https://source.sierrawireless.com/~/media/support_downloads/airlink/docs/technical%20bulletin/swi-psa-2019-003%20-%20talos%20cves%20-%2030apr2019.ashx?la=en	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4062	Trust: 0.8
url:	https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4-d-9-d-4-release-notes/	Trust: 0.6
url:	https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4-d-4-d-8-release-notes/	Trust: 0.6
url:	https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4-d-11-d-2-release-notes/	Trust: 0.6
url:	https://www.us-cert.gov/ics/advisories/icsa-19-122-03	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.1530.2/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/80158	Trust: 0.6
url:	https://www.talosintelligence.com/vulnerability_reports/talos-2018-0747	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/47365	Trust: 0.6
url:	https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,11,-d-,2-release-notes/	Trust: 0.3
url:	https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,4,-d-,8-release-notes/	Trust: 0.3
url:	https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,9,-d-,4-release-notes/	Trust: 0.3

sources: VULHUB: VHN-134093 // BID: 108147 // JVNDB: JVNDB-2018-015405 // CNNVD: CNNVD-201904-1182 // NVD: CVE-2018-4062

CREDITS

Cisco Talos,Carl Hurd and Jared Rittle of Cisco Talos.,Carl Hurd and Jared Rittle of Cisco Talos reported these vulnerabilities to Sierra Wireless.

Trust: 0.6

sources: CNNVD: CNNVD-201904-1182

SOURCES

db:	VULHUB	id:	VHN-134093
db:	BID	id:	108147
db:	JVNDB	id:	JVNDB-2018-015405
db:	CNNVD	id:	CNNVD-201904-1182
db:	NVD	id:	CVE-2018-4062

LAST UPDATE DATE

2024-11-23T21:59:56.790000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-134093	date:	2019-05-08T00:00:00
db:	BID	id:	108147	date:	2019-04-25T00:00:00
db:	JVNDB	id:	JVNDB-2018-015405	date:	2019-06-03T00:00:00
db:	CNNVD	id:	CNNVD-201904-1182	date:	2020-08-03T00:00:00
db:	NVD	id:	CVE-2018-4062	date:	2024-11-21T04:06:40.247

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-134093	date:	2019-05-06T00:00:00
db:	BID	id:	108147	date:	2019-04-25T00:00:00
db:	JVNDB	id:	JVNDB-2018-015405	date:	2019-06-03T00:00:00
db:	CNNVD	id:	CNNVD-201904-1182	date:	2019-04-25T00:00:00
db:	NVD	id:	CVE-2018-4062	date:	2019-05-06T19:29:00.577