Details of VAR-201905-0855

ID

VAR-201905-0855

CVE

CVE-2018-4066

TITLE

Sierra Wireless AirLink ES450 Cross-Site Request Forgery Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-13406 // CNNVD: CNNVD-201904-1179

DESCRIPTION

An exploitable cross-site request forgery vulnerability exists in the ACEManager functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an authenticated user to perform privileged requests unknowingly, resulting in unauthenticated requests being requested through an authenticated user. An attacker can get an authenticated user to request authenticated pages on the attacker's behalf to trigger this vulnerability. The SierraWirelessAirLinkES450 is a cellular network modem device from Sierra Wireless, Canada. The vulnerability stems from the fact that the web application did not fully verify that the request came from a trusted user. A command-injection vulnerability 2. A security-bypass vulnerability 3. A remote code-execution vulnerability 4. An cross-site scripting vulnerability 5. A cross-site request-forgery vulnerability 6. Multiple information disclosure vulnerabilities An attacker may leverage these issues to execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, perform certain administrative actions and gain unauthorized access to the affected application, execute arbitrary code, execute arbitrary commands with system-level privileges, This may aid in further attacks

Trust: 2.52

sources: NVD: CVE-2018-4066 // JVNDB: JVNDB-2018-015385 // CNVD: CNVD-2019-13406 // BID: 108147 // VULHUB: VHN-134097

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-13406

AFFECTED PRODUCTS

vendor:	sierrawireless	model:	airlink es450	scope:	eq	version:	4.9.3	Trust: 1.0
vendor:	sierra	model:	airlink es450	scope:	eq	version:	fw 4.9.3	Trust: 0.8
vendor:	sierra	model:	wireless airlink es450	scope:	eq	version:	4.9.3	Trust: 0.6
vendor:	sierra	model:	wireless airlink rv50x aleos	scope:	eq	version:	4.11.2	Trust: 0.3
vendor:	sierra	model:	wireless airlink rv50 aleos	scope:	eq	version:	4.11.2	Trust: 0.3
vendor:	sierra	model:	wireless airlink mp70e aleos	scope:	eq	version:	4.11.2	Trust: 0.3
vendor:	sierra	model:	wireless airlink mp70 aleos	scope:	eq	version:	4.11.2	Trust: 0.3
vendor:	sierra	model:	wireless airlink lx60 aleos	scope:	eq	version:	4.10	Trust: 0.3
vendor:	sierra	model:	wireless airlink lx40 aleos	scope:	eq	version:	4.11.1	Trust: 0.3
vendor:	sierra	model:	wireless airlink ls300 aleos	scope:	eq	version:	4.4.8	Trust: 0.3
vendor:	sierra	model:	wireless airlink gx450 aleos	scope:	eq	version:	4.9.3	Trust: 0.3
vendor:	sierra	model:	wireless airlink gx440 aleos	scope:	eq	version:	4.4.8	Trust: 0.3
vendor:	sierra	model:	wireless airlink gx400 aleos	scope:	eq	version:	4.4.8	Trust: 0.3
vendor:	sierra	model:	wireless airlink es450 aleos	scope:	eq	version:	4.9.3	Trust: 0.3
vendor:	sierra	model:	wireless airlink es440 aleos	scope:	eq	version:	4.4.8	Trust: 0.3
vendor:	sierra	model:	wireless airlink gx450 aleos 4.9.4.p09	scope:	ne	version:	-	Trust: 0.3
vendor:	sierra	model:	wireless airlink gx450 aleos	scope:	ne	version:	4.9.4	Trust: 0.3
vendor:	sierra	model:	wireless airlink es450 aleos 4.9.4.p09	scope:	ne	version:	-	Trust: 0.3
vendor:	sierra	model:	wireless airlink es450 aleos	scope:	ne	version:	4.9.4	Trust: 0.3

sources: CNVD: CNVD-2019-13406 // BID: 108147 // JVNDB: JVNDB-2018-015385 // NVD: CVE-2018-4066

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-4066
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-4066
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-13406
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201904-1179
value:	HIGH
Trust: 0.6
VULHUB:	VHN-134097
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-4066
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-13406
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-134097
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-4066
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-13406 // VULHUB: VHN-134097 // JVNDB: JVNDB-2018-015385 // CNNVD: CNNVD-201904-1179 // NVD: CVE-2018-4066

PROBLEMTYPE DATA

problemtype:

CWE-352

Trust: 1.9

sources: VULHUB: VHN-134097 // JVNDB: JVNDB-2018-015385 // NVD: CVE-2018-4066

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-1179

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201904-1179

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015385

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-134097

PATCH

title:	AirLink ES450: LTE Enterprise Gateway	url:	https://www.sierrawireless.com/products-and-solutions/routers-gateways/es450/	Trust: 0.8
title:	Patch for SierraWirelessAirLinkES450 Cross-Site Request Forgery Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/160591	Trust: 0.6
title:	Sierra Wireless AirLink ES450 Fixes for cross-site request forgery vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92005	Trust: 0.6

sources: CNVD: CNVD-2019-13406 // JVNDB: JVNDB-2018-015385 // CNNVD: CNNVD-201904-1179

EXTERNAL IDS

db:	NVD	id:	CVE-2018-4066	Trust: 3.4
db:	TALOS	id:	TALOS-2018-0751	Trust: 3.4
db:	ICS CERT	id:	ICSA-19-122-03	Trust: 2.8
db:	BID	id:	108147	Trust: 2.6
db:	PACKETSTORM	id:	152651	Trust: 1.7
db:	TALOS	id:	TALOS-2018-0746	Trust: 0.9
db:	TALOS	id:	TALOS-2018-0752	Trust: 0.9
db:	TALOS	id:	TALOS-2018-0748	Trust: 0.9
db:	TALOS	id:	TALOS-2018-0754	Trust: 0.9
db:	TALOS	id:	TALOS-2018-0747	Trust: 0.9
db:	TALOS	id:	TALOS-2018-0750	Trust: 0.9
db:	JVNDB	id:	JVNDB-2018-015385	Trust: 0.8
db:	CNVD	id:	CNVD-2019-13406	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.1530.2	Trust: 0.6
db:	NSFOCUS	id:	47708	Trust: 0.6
db:	CNNVD	id:	CNNVD-201904-1179	Trust: 0.6
db:	VULHUB	id:	VHN-134097	Trust: 0.1

sources: CNVD: CNVD-2019-13406 // VULHUB: VHN-134097 // BID: 108147 // JVNDB: JVNDB-2018-015385 // CNNVD: CNNVD-201904-1179 // NVD: CVE-2018-4066

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-19-122-03	Trust: 2.8
url:	https://talosintelligence.com/vulnerability_reports/talos-2018-0751	Trust: 2.5
url:	http://www.securityfocus.com/bid/108147	Trust: 2.3
url:	http://packetstormsecurity.com/files/152651/sierra-wireless-airlink-es450-acemanager-cross-site-request-forgery.html	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4066	Trust: 1.4
url:	https://www.talosintelligence.com/vulnerability_reports/talos-2018-0751	Trust: 1.2
url:	https://source.sierrawireless.com/resources/airlink/software_downloads/es440-firmware/es440-firmware-list/	Trust: 0.9
url:	https://source.sierrawireless.com/resources/airlink/software_downloads/es450/es450-firmware-package-list/	Trust: 0.9
url:	https://source.sierrawireless.com/resources/airlink/software_downloads/gx400-firmware/gx400-firmware-list/	Trust: 0.9
url:	https://source.sierrawireless.com/resources/airlink/software_downloads/gx450/gx450-firmware-list/	Trust: 0.9
url:	https://source.sierrawireless.com/resources/airlink/software_downloads/ls300-firmware/ls300-firmware-list/	Trust: 0.9
url:	https://source.sierrawireless.com/resources/airlink/software_downloads/mp70/mp70-firmware-list/	Trust: 0.9
url:	https://source.sierrawireless.com/resources/airlink/software_downloads/rv50/rv50-firmware-list/	Trust: 0.9
url:	https://www.sierrawireless.com/	Trust: 0.9
url:	https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/sierra-wireless-technical-bulletin---swi-psa-2019-003/	Trust: 0.9
url:	https://www.talosintelligence.com/reports/talos-2018-0751	Trust: 0.9
url:	https://www.talosintelligence.com/reports/talos-2018-0754	Trust: 0.9
url:	https://www.talosintelligence.com/reports/talos-2018-0746	Trust: 0.9
url:	https://www.talosintelligence.com/reports/talos-2018-0750	Trust: 0.9
url:	https://www.talosintelligence.com/reports/talos-2018-0752	Trust: 0.9
url:	https://www.talosintelligence.com/reports/talos-2018-0748	Trust: 0.9
url:	https://www.talosintelligence.com/reports/talos-2018-0747	Trust: 0.9
url:	https://source.sierrawireless.com/~/media/support_downloads/airlink/docs/technical%20bulletin/swi-psa-2019-003%20-%20talos%20cves%20-%2030apr2019.ashx?la=en	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4066	Trust: 0.8
url:	https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4-d-9-d-4-release-notes/	Trust: 0.6
url:	https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4-d-4-d-8-release-notes/	Trust: 0.6
url:	https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4-d-11-d-2-release-notes/	Trust: 0.6
url:	https://www.us-cert.gov/ics/advisories/icsa-19-122-03	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.1530.2/	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/47708	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/80158	Trust: 0.6
url:	https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,11,-d-,2-release-notes/	Trust: 0.3
url:	https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,4,-d-,8-release-notes/	Trust: 0.3
url:	https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,9,-d-,4-release-notes/	Trust: 0.3

sources: CNVD: CNVD-2019-13406 // VULHUB: VHN-134097 // BID: 108147 // JVNDB: JVNDB-2018-015385 // CNNVD: CNNVD-201904-1179 // NVD: CVE-2018-4066

CREDITS

Carl Hurd and Jared Rittle of Cisco Talos.,Carl Hurd and Jared Rittle of Cisco Talos reported these vulnerabilities to Sierra Wireless.,Discovered by Carl Hurd and Jared Rittle of Cisco Talos.

Trust: 0.6

sources: CNNVD: CNNVD-201904-1179

SOURCES

db:	CNVD	id:	CNVD-2019-13406
db:	VULHUB	id:	VHN-134097
db:	BID	id:	108147
db:	JVNDB	id:	JVNDB-2018-015385
db:	CNNVD	id:	CNNVD-201904-1179
db:	NVD	id:	CVE-2018-4066

LAST UPDATE DATE

2024-11-23T21:59:56.625000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-13406	date:	2019-05-09T00:00:00
db:	VULHUB	id:	VHN-134097	date:	2019-05-07T00:00:00
db:	BID	id:	108147	date:	2019-04-25T00:00:00
db:	JVNDB	id:	JVNDB-2018-015385	date:	2019-05-31T00:00:00
db:	CNNVD	id:	CNNVD-201904-1179	date:	2020-08-12T00:00:00
db:	NVD	id:	CVE-2018-4066	date:	2024-11-21T04:06:40.910

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-13406	date:	2019-05-09T00:00:00
db:	VULHUB	id:	VHN-134097	date:	2019-05-06T00:00:00
db:	BID	id:	108147	date:	2019-04-25T00:00:00
db:	JVNDB	id:	JVNDB-2018-015385	date:	2019-05-31T00:00:00
db:	CNNVD	id:	CNNVD-201904-1179	date:	2019-04-25T00:00:00
db:	NVD	id:	CVE-2018-4066	date:	2019-05-06T19:29:00.763