Details of VAR-201905-0853

ID

VAR-201905-0853

CVE

CVE-2018-4063

TITLE

Sierra Wireless AirLink ES450 FW Vulnerable to unlimited upload of dangerous types of files

Trust: 0.8

sources: JVNDB: JVNDB-2018-015383

DESCRIPTION

An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver. An attacker can make an authenticated HTTP request to trigger this vulnerability. Sierra Wireless AirLink ES450 FW Contains an unlimited upload of dangerous types of files.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. A command-injection vulnerability 2. A security-bypass vulnerability 3. A remote code-execution vulnerability 4. An cross-site scripting vulnerability 5. A cross-site request-forgery vulnerability 6. Multiple information disclosure vulnerabilities An attacker may leverage these issues to execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, perform certain administrative actions and gain unauthorized access to the affected application, execute arbitrary code, execute arbitrary commands with system-level privileges, This may aid in further attacks. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products

Trust: 1.98

sources: NVD: CVE-2018-4063 // JVNDB: JVNDB-2018-015383 // BID: 108147 // VULHUB: VHN-134094

AFFECTED PRODUCTS

vendor:	sierrawireless	model:	airlink es450	scope:	eq	version:	4.9.3	Trust: 1.0
vendor:	sierra	model:	airlink es450	scope:	eq	version:	fw 4.9.3	Trust: 0.8
vendor:	sierra	model:	wireless airlink rv50x aleos	scope:	eq	version:	4.11.2	Trust: 0.3
vendor:	sierra	model:	wireless airlink rv50 aleos	scope:	eq	version:	4.11.2	Trust: 0.3
vendor:	sierra	model:	wireless airlink mp70e aleos	scope:	eq	version:	4.11.2	Trust: 0.3
vendor:	sierra	model:	wireless airlink mp70 aleos	scope:	eq	version:	4.11.2	Trust: 0.3
vendor:	sierra	model:	wireless airlink lx60 aleos	scope:	eq	version:	4.10	Trust: 0.3
vendor:	sierra	model:	wireless airlink lx40 aleos	scope:	eq	version:	4.11.1	Trust: 0.3
vendor:	sierra	model:	wireless airlink ls300 aleos	scope:	eq	version:	4.4.8	Trust: 0.3
vendor:	sierra	model:	wireless airlink gx450 aleos	scope:	eq	version:	4.9.3	Trust: 0.3
vendor:	sierra	model:	wireless airlink gx440 aleos	scope:	eq	version:	4.4.8	Trust: 0.3
vendor:	sierra	model:	wireless airlink gx400 aleos	scope:	eq	version:	4.4.8	Trust: 0.3
vendor:	sierra	model:	wireless airlink es450 aleos	scope:	eq	version:	4.9.3	Trust: 0.3
vendor:	sierra	model:	wireless airlink es440 aleos	scope:	eq	version:	4.4.8	Trust: 0.3
vendor:	sierra	model:	wireless airlink gx450 aleos 4.9.4.p09	scope:	ne	version:	-	Trust: 0.3
vendor:	sierra	model:	wireless airlink gx450 aleos	scope:	ne	version:	4.9.4	Trust: 0.3
vendor:	sierra	model:	wireless airlink es450 aleos 4.9.4.p09	scope:	ne	version:	-	Trust: 0.3
vendor:	sierra	model:	wireless airlink es450 aleos	scope:	ne	version:	4.9.4	Trust: 0.3

sources: BID: 108147 // JVNDB: JVNDB-2018-015383 // NVD: CVE-2018-4063

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-4063
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-4063
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201904-1176
value:	HIGH
Trust: 0.6
VULHUB:	VHN-134094
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-4063
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-134094
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-4063
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-134094 // JVNDB: JVNDB-2018-015383 // CNNVD: CNNVD-201904-1176 // NVD: CVE-2018-4063

PROBLEMTYPE DATA

problemtype:

CWE-434

Trust: 1.9

sources: VULHUB: VHN-134094 // JVNDB: JVNDB-2018-015383 // NVD: CVE-2018-4063

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-1176

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201904-1176

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015383

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-134094

PATCH

title:

AirLink ES450: LTE Enterprise Gateway

url:

https://www.sierrawireless.com/products-and-solutions/routers-gateways/es450/

Trust: 0.8

sources: JVNDB: JVNDB-2018-015383

EXTERNAL IDS

db:	NVD	id:	CVE-2018-4063	Trust: 2.8
db:	TALOS	id:	TALOS-2018-0748	Trust: 2.8
db:	ICS CERT	id:	ICSA-19-122-03	Trust: 2.8
db:	BID	id:	108147	Trust: 2.0
db:	PACKETSTORM	id:	152648	Trust: 1.7
db:	TALOS	id:	TALOS-2018-0746	Trust: 0.9
db:	TALOS	id:	TALOS-2018-0752	Trust: 0.9
db:	TALOS	id:	TALOS-2018-0754	Trust: 0.9
db:	TALOS	id:	TALOS-2018-0747	Trust: 0.9
db:	TALOS	id:	TALOS-2018-0750	Trust: 0.9
db:	TALOS	id:	TALOS-2018-0751	Trust: 0.9
db:	JVNDB	id:	JVNDB-2018-015383	Trust: 0.8
db:	CNNVD	id:	CNNVD-201904-1176	Trust: 0.7
db:	NSFOCUS	id:	47358	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.1530.2	Trust: 0.6
db:	VULHUB	id:	VHN-134094	Trust: 0.1

sources: VULHUB: VHN-134094 // BID: 108147 // JVNDB: JVNDB-2018-015383 // CNNVD: CNNVD-201904-1176 // NVD: CVE-2018-4063

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-19-122-03	Trust: 2.8
url:	https://talosintelligence.com/vulnerability_reports/talos-2018-0748	Trust: 2.5
url:	http://www.securityfocus.com/bid/108147	Trust: 2.3
url:	http://packetstormsecurity.com/files/152648/sierra-wireless-airlink-es450-acemanager-upload.cgi-remote-code-execution.html	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4063	Trust: 1.4
url:	https://source.sierrawireless.com/resources/airlink/software_downloads/es440-firmware/es440-firmware-list/	Trust: 0.9
url:	https://source.sierrawireless.com/resources/airlink/software_downloads/es450/es450-firmware-package-list/	Trust: 0.9
url:	https://source.sierrawireless.com/resources/airlink/software_downloads/gx400-firmware/gx400-firmware-list/	Trust: 0.9
url:	https://source.sierrawireless.com/resources/airlink/software_downloads/gx450/gx450-firmware-list/	Trust: 0.9
url:	https://source.sierrawireless.com/resources/airlink/software_downloads/ls300-firmware/ls300-firmware-list/	Trust: 0.9
url:	https://source.sierrawireless.com/resources/airlink/software_downloads/mp70/mp70-firmware-list/	Trust: 0.9
url:	https://source.sierrawireless.com/resources/airlink/software_downloads/rv50/rv50-firmware-list/	Trust: 0.9
url:	https://www.sierrawireless.com/	Trust: 0.9
url:	https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/sierra-wireless-technical-bulletin---swi-psa-2019-003/	Trust: 0.9
url:	https://www.talosintelligence.com/reports/talos-2018-0751	Trust: 0.9
url:	https://www.talosintelligence.com/reports/talos-2018-0754	Trust: 0.9
url:	https://www.talosintelligence.com/reports/talos-2018-0746	Trust: 0.9
url:	https://www.talosintelligence.com/reports/talos-2018-0750	Trust: 0.9
url:	https://www.talosintelligence.com/reports/talos-2018-0752	Trust: 0.9
url:	https://www.talosintelligence.com/reports/talos-2018-0748	Trust: 0.9
url:	https://www.talosintelligence.com/reports/talos-2018-0747	Trust: 0.9
url:	https://source.sierrawireless.com/~/media/support_downloads/airlink/docs/technical%20bulletin/swi-psa-2019-003%20-%20talos%20cves%20-%2030apr2019.ashx?la=en	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4063	Trust: 0.8
url:	https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4-d-9-d-4-release-notes/	Trust: 0.6
url:	https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4-d-4-d-8-release-notes/	Trust: 0.6
url:	https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4-d-11-d-2-release-notes/	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/47358	Trust: 0.6
url:	https://www.us-cert.gov/ics/advisories/icsa-19-122-03	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.1530.2/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/80158	Trust: 0.6
url:	https://www.talosintelligence.com/vulnerability_reports/talos-2018-0748	Trust: 0.6
url:	https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,11,-d-,2-release-notes/	Trust: 0.3
url:	https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,4,-d-,8-release-notes/	Trust: 0.3
url:	https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,9,-d-,4-release-notes/	Trust: 0.3

sources: VULHUB: VHN-134094 // BID: 108147 // JVNDB: JVNDB-2018-015383 // CNNVD: CNNVD-201904-1176 // NVD: CVE-2018-4063

CREDITS

Discovered by Carl Hurd of Cisco Talos.,Carl Hurd and Jared Rittle of Cisco Talos.,Carl Hurd and Jared Rittle of Cisco Talos reported these vulnerabilities to Sierra Wireless,Carl Hurd and Jared Rittle of Cisco Talos reported these vulnerabilities to Sierra Wireless.

Trust: 0.6

sources: CNNVD: CNNVD-201904-1176

SOURCES

db:	VULHUB	id:	VHN-134094
db:	BID	id:	108147
db:	JVNDB	id:	JVNDB-2018-015383
db:	CNNVD	id:	CNNVD-201904-1176
db:	NVD	id:	CVE-2018-4063

LAST UPDATE DATE

2024-11-23T21:59:56.590000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-134094	date:	2019-05-07T00:00:00
db:	BID	id:	108147	date:	2019-04-25T00:00:00
db:	JVNDB	id:	JVNDB-2018-015383	date:	2019-05-31T00:00:00
db:	CNNVD	id:	CNNVD-201904-1176	date:	2020-08-03T00:00:00
db:	NVD	id:	CVE-2018-4063	date:	2024-11-21T04:06:40.420

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-134094	date:	2019-05-06T00:00:00
db:	BID	id:	108147	date:	2019-04-25T00:00:00
db:	JVNDB	id:	JVNDB-2018-015383	date:	2019-05-31T00:00:00
db:	CNNVD	id:	CNNVD-201904-1176	date:	2019-04-25T00:00:00
db:	NVD	id:	CVE-2018-4063	date:	2019-05-06T19:29:00.637