Details of VAR-201905-0854

ID

VAR-201905-0854

CVE

CVE-2018-4065

TITLE

Sierra Wireless AirLink ES450 Cross-Site Scripting Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-14394 // CNNVD: CNNVD-201904-1196

DESCRIPTION

An exploitable cross-site scripting vulnerability exists in the ACEManager ping_result.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP ping request can cause reflected javascript code execution, resulting in the execution of javascript code running on the victim's browser. An attacker can get a victim to click a link, or embedded URL, that redirects to the reflected cross-site scripting vulnerability to trigger this vulnerability. The SierraWirelessAirLinkES450 is a cellular network modem device from Sierra Wireless, Canada. A cross-site scripting vulnerability exists in the ACEManagerping_result.cgi feature in the SierraWirelessAirLinkES450 using firmware version 4.9.3, which stems from the lack of proper validation of client data by web applications. An attacker could exploit the vulnerability to execute client code. A command-injection vulnerability 2. A security-bypass vulnerability 3. A remote code-execution vulnerability 4. An cross-site scripting vulnerability 5. A cross-site request-forgery vulnerability 6. Multiple information disclosure vulnerabilities An attacker may leverage these issues to execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, perform certain administrative actions and gain unauthorized access to the affected application, execute arbitrary code, execute arbitrary commands with system-level privileges, This may aid in further attacks

Trust: 2.52

sources: NVD: CVE-2018-4065 // JVNDB: JVNDB-2018-015384 // CNVD: CNVD-2019-14394 // BID: 108147 // VULHUB: VHN-134096

IOT TAXONOMY

category:

['ICS', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-14394

AFFECTED PRODUCTS

vendor:	sierrawireless	model:	airlink es450	scope:	eq	version:	4.9.3	Trust: 1.0
vendor:	sierra	model:	airlink es450	scope:	eq	version:	fw 4.9.3	Trust: 0.8
vendor:	sierra	model:	wireless airlink es450 fw	scope:	eq	version:	4.9.3	Trust: 0.6
vendor:	sierra	model:	wireless airlink rv50x aleos	scope:	eq	version:	4.11.2	Trust: 0.3
vendor:	sierra	model:	wireless airlink rv50 aleos	scope:	eq	version:	4.11.2	Trust: 0.3
vendor:	sierra	model:	wireless airlink mp70e aleos	scope:	eq	version:	4.11.2	Trust: 0.3
vendor:	sierra	model:	wireless airlink mp70 aleos	scope:	eq	version:	4.11.2	Trust: 0.3
vendor:	sierra	model:	wireless airlink lx60 aleos	scope:	eq	version:	4.10	Trust: 0.3
vendor:	sierra	model:	wireless airlink lx40 aleos	scope:	eq	version:	4.11.1	Trust: 0.3
vendor:	sierra	model:	wireless airlink ls300 aleos	scope:	eq	version:	4.4.8	Trust: 0.3
vendor:	sierra	model:	wireless airlink gx450 aleos	scope:	eq	version:	4.9.3	Trust: 0.3
vendor:	sierra	model:	wireless airlink gx440 aleos	scope:	eq	version:	4.4.8	Trust: 0.3
vendor:	sierra	model:	wireless airlink gx400 aleos	scope:	eq	version:	4.4.8	Trust: 0.3
vendor:	sierra	model:	wireless airlink es450 aleos	scope:	eq	version:	4.9.3	Trust: 0.3
vendor:	sierra	model:	wireless airlink es440 aleos	scope:	eq	version:	4.4.8	Trust: 0.3
vendor:	sierra	model:	wireless airlink gx450 aleos 4.9.4.p09	scope:	ne	version:	-	Trust: 0.3
vendor:	sierra	model:	wireless airlink gx450 aleos	scope:	ne	version:	4.9.4	Trust: 0.3
vendor:	sierra	model:	wireless airlink es450 aleos 4.9.4.p09	scope:	ne	version:	-	Trust: 0.3
vendor:	sierra	model:	wireless airlink es450 aleos	scope:	ne	version:	4.9.4	Trust: 0.3

sources: CNVD: CNVD-2019-14394 // BID: 108147 // JVNDB: JVNDB-2018-015384 // NVD: CVE-2018-4065

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-4065
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-4065
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2019-14394
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201904-1196
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-134096
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-4065
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-14394
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-134096
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-4065
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-14394 // VULHUB: VHN-134096 // JVNDB: JVNDB-2018-015384 // CNNVD: CNNVD-201904-1196 // NVD: CVE-2018-4065

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-134096 // JVNDB: JVNDB-2018-015384 // NVD: CVE-2018-4065

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-1196

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201904-1196

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015384

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-134096

PATCH

title:	AirLink ES450: LTE Enterprise Gateway	url:	https://www.sierrawireless.com/products-and-solutions/routers-gateways/es450/	Trust: 0.8
title:	Patch for SierraWirelessAirLinkES450 Cross-Site Scripting Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/161293	Trust: 0.6

sources: CNVD: CNVD-2019-14394 // JVNDB: JVNDB-2018-015384

EXTERNAL IDS

db:	TALOS	id:	TALOS-2018-0750	Trust: 3.4
db:	NVD	id:	CVE-2018-4065	Trust: 3.4
db:	ICS CERT	id:	ICSA-19-122-03	Trust: 2.8
db:	BID	id:	108147	Trust: 2.0
db:	PACKETSTORM	id:	152650	Trust: 1.7
db:	TALOS	id:	TALOS-2018-0746	Trust: 0.9
db:	TALOS	id:	TALOS-2018-0752	Trust: 0.9
db:	TALOS	id:	TALOS-2018-0748	Trust: 0.9
db:	TALOS	id:	TALOS-2018-0754	Trust: 0.9
db:	TALOS	id:	TALOS-2018-0747	Trust: 0.9
db:	TALOS	id:	TALOS-2018-0751	Trust: 0.9
db:	JVNDB	id:	JVNDB-2018-015384	Trust: 0.8
db:	CNNVD	id:	CNNVD-201904-1196	Trust: 0.7
db:	CNVD	id:	CNVD-2019-14394	Trust: 0.6
db:	NSFOCUS	id:	47356	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.1530.2	Trust: 0.6
db:	VULHUB	id:	VHN-134096	Trust: 0.1

sources: CNVD: CNVD-2019-14394 // VULHUB: VHN-134096 // BID: 108147 // JVNDB: JVNDB-2018-015384 // CNNVD: CNNVD-201904-1196 // NVD: CVE-2018-4065

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-19-122-03	Trust: 2.8
url:	https://talosintelligence.com/vulnerability_reports/talos-2018-0750	Trust: 2.5
url:	http://www.securityfocus.com/bid/108147	Trust: 2.3
url:	http://packetstormsecurity.com/files/152650/sierra-wireless-airlink-es450-acemanager-ping_result.cgi-cross-site-scripting.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4065	Trust: 1.4
url:	https://www.talosintelligence.com/vulnerability_reports/talos-2018-0750	Trust: 1.2
url:	https://source.sierrawireless.com/resources/airlink/software_downloads/es440-firmware/es440-firmware-list/	Trust: 0.9
url:	https://source.sierrawireless.com/resources/airlink/software_downloads/es450/es450-firmware-package-list/	Trust: 0.9
url:	https://source.sierrawireless.com/resources/airlink/software_downloads/gx400-firmware/gx400-firmware-list/	Trust: 0.9
url:	https://source.sierrawireless.com/resources/airlink/software_downloads/gx450/gx450-firmware-list/	Trust: 0.9
url:	https://source.sierrawireless.com/resources/airlink/software_downloads/ls300-firmware/ls300-firmware-list/	Trust: 0.9
url:	https://source.sierrawireless.com/resources/airlink/software_downloads/mp70/mp70-firmware-list/	Trust: 0.9
url:	https://source.sierrawireless.com/resources/airlink/software_downloads/rv50/rv50-firmware-list/	Trust: 0.9
url:	https://www.sierrawireless.com/	Trust: 0.9
url:	https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/sierra-wireless-technical-bulletin---swi-psa-2019-003/	Trust: 0.9
url:	https://www.talosintelligence.com/reports/talos-2018-0751	Trust: 0.9
url:	https://www.talosintelligence.com/reports/talos-2018-0754	Trust: 0.9
url:	https://www.talosintelligence.com/reports/talos-2018-0746	Trust: 0.9
url:	https://www.talosintelligence.com/reports/talos-2018-0750	Trust: 0.9
url:	https://www.talosintelligence.com/reports/talos-2018-0752	Trust: 0.9
url:	https://www.talosintelligence.com/reports/talos-2018-0748	Trust: 0.9
url:	https://www.talosintelligence.com/reports/talos-2018-0747	Trust: 0.9
url:	https://source.sierrawireless.com/~/media/support_downloads/airlink/docs/technical%20bulletin/swi-psa-2019-003%20-%20talos%20cves%20-%2030apr2019.ashx?la=en	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4065	Trust: 0.8
url:	https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4-d-9-d-4-release-notes/	Trust: 0.6
url:	https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4-d-4-d-8-release-notes/	Trust: 0.6
url:	https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4-d-11-d-2-release-notes/	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/47356	Trust: 0.6
url:	https://packetstormsecurity.com/files/152650/sierra-wireless-airlink-es450-acemanager-ping/result.cgi-cross-site-scripting.html	Trust: 0.6
url:	https://www.us-cert.gov/ics/advisories/icsa-19-122-03	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.1530.2/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/80158	Trust: 0.6
url:	https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,11,-d-,2-release-notes/	Trust: 0.3
url:	https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,4,-d-,8-release-notes/	Trust: 0.3
url:	https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,9,-d-,4-release-notes/	Trust: 0.3

sources: CNVD: CNVD-2019-14394 // VULHUB: VHN-134096 // BID: 108147 // JVNDB: JVNDB-2018-015384 // CNNVD: CNNVD-201904-1196 // NVD: CVE-2018-4065

CREDITS

Carl Hurd and Jared Rittle of Cisco Talos,Discovered by Carl Hurd of Cisco Talos.,Carl Hurd and Jared Rittle of Cisco Talos.,Carl Hurd and Jared Rittle of Cisco Talos reported these vulnerabilities to Sierra Wireless.

Trust: 0.6

sources: CNNVD: CNNVD-201904-1196

SOURCES

db:	CNVD	id:	CNVD-2019-14394
db:	VULHUB	id:	VHN-134096
db:	BID	id:	108147
db:	JVNDB	id:	JVNDB-2018-015384
db:	CNNVD	id:	CNNVD-201904-1196
db:	NVD	id:	CVE-2018-4065

LAST UPDATE DATE

2024-11-23T21:59:56.751000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-14394	date:	2019-05-15T00:00:00
db:	VULHUB	id:	VHN-134096	date:	2019-05-07T00:00:00
db:	BID	id:	108147	date:	2019-04-25T00:00:00
db:	JVNDB	id:	JVNDB-2018-015384	date:	2019-05-31T00:00:00
db:	CNNVD	id:	CNNVD-201904-1196	date:	2020-08-03T00:00:00
db:	NVD	id:	CVE-2018-4065	date:	2024-11-21T04:06:40.717

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-14394	date:	2019-05-15T00:00:00
db:	VULHUB	id:	VHN-134096	date:	2019-05-06T00:00:00
db:	BID	id:	108147	date:	2019-04-25T00:00:00
db:	JVNDB	id:	JVNDB-2018-015384	date:	2019-05-31T00:00:00
db:	CNNVD	id:	CNNVD-201904-1196	date:	2019-04-25T00:00:00
db:	NVD	id:	CVE-2018-4065	date:	2019-05-06T19:29:00.700