Details of VAR-201905-0856

ID

VAR-201905-0856

CVE

CVE-2018-4067

TITLE

Sierra Wireless AirLink ES450 FW Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-015386

DESCRIPTION

An exploitable information disclosure vulnerability exists in the ACEManager template_load.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a information leak, resulting in the disclosure of internal paths and files. An attacker can make an authenticated HTTP request to trigger this vulnerability. The SierraWirelessAirLinkES450 is a cellular network modem device from Sierra Wireless, Canada. The vulnerability stems from errors in the configuration of the network system or product during operation. An unauthorized attacker can exploit the vulnerability to obtain sensitive information about the affected component. A command-injection vulnerability 2. A security-bypass vulnerability 3. A remote code-execution vulnerability 4. An cross-site scripting vulnerability 5. A cross-site request-forgery vulnerability 6. Multiple information disclosure vulnerabilities An attacker may leverage these issues to execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, perform certain administrative actions and gain unauthorized access to the affected application, execute arbitrary code, execute arbitrary commands with system-level privileges, This may aid in further attacks

Trust: 2.52

sources: NVD: CVE-2018-4067 // JVNDB: JVNDB-2018-015386 // CNVD: CNVD-2019-13397 // BID: 108147 // VULHUB: VHN-134098

IOT TAXONOMY

category:

['ICS', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-13397

AFFECTED PRODUCTS

vendor:	sierrawireless	model:	airlink es450	scope:	eq	version:	4.9.3	Trust: 1.0
vendor:	sierra	model:	airlink es450	scope:	eq	version:	fw 4.9.3	Trust: 0.8
vendor:	sierra	model:	wireless airlink es450	scope:	eq	version:	4.9.3	Trust: 0.6
vendor:	sierra	model:	wireless airlink rv50x aleos	scope:	eq	version:	4.11.2	Trust: 0.3
vendor:	sierra	model:	wireless airlink rv50 aleos	scope:	eq	version:	4.11.2	Trust: 0.3
vendor:	sierra	model:	wireless airlink mp70e aleos	scope:	eq	version:	4.11.2	Trust: 0.3
vendor:	sierra	model:	wireless airlink mp70 aleos	scope:	eq	version:	4.11.2	Trust: 0.3
vendor:	sierra	model:	wireless airlink lx60 aleos	scope:	eq	version:	4.10	Trust: 0.3
vendor:	sierra	model:	wireless airlink lx40 aleos	scope:	eq	version:	4.11.1	Trust: 0.3
vendor:	sierra	model:	wireless airlink ls300 aleos	scope:	eq	version:	4.4.8	Trust: 0.3
vendor:	sierra	model:	wireless airlink gx450 aleos	scope:	eq	version:	4.9.3	Trust: 0.3
vendor:	sierra	model:	wireless airlink gx440 aleos	scope:	eq	version:	4.4.8	Trust: 0.3
vendor:	sierra	model:	wireless airlink gx400 aleos	scope:	eq	version:	4.4.8	Trust: 0.3
vendor:	sierra	model:	wireless airlink es450 aleos	scope:	eq	version:	4.9.3	Trust: 0.3
vendor:	sierra	model:	wireless airlink es440 aleos	scope:	eq	version:	4.4.8	Trust: 0.3
vendor:	sierra	model:	wireless airlink gx450 aleos 4.9.4.p09	scope:	ne	version:	-	Trust: 0.3
vendor:	sierra	model:	wireless airlink gx450 aleos	scope:	ne	version:	4.9.4	Trust: 0.3
vendor:	sierra	model:	wireless airlink es450 aleos 4.9.4.p09	scope:	ne	version:	-	Trust: 0.3
vendor:	sierra	model:	wireless airlink es450 aleos	scope:	ne	version:	4.9.4	Trust: 0.3

sources: CNVD: CNVD-2019-13397 // BID: 108147 // JVNDB: JVNDB-2018-015386 // NVD: CVE-2018-4067

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-4067
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-4067
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2019-13397
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201904-1173
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-134098
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-4067
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-13397
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-134098
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-4067
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-13397 // VULHUB: VHN-134098 // JVNDB: JVNDB-2018-015386 // CNNVD: CNNVD-201904-1173 // NVD: CVE-2018-4067

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-134098 // JVNDB: JVNDB-2018-015386 // NVD: CVE-2018-4067

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-1173

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201904-1173

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015386

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-134098

PATCH

title:	AirLink ES450: LTE Enterprise Gateway	url:	https://www.sierrawireless.com/products-and-solutions/routers-gateways/es450/	Trust: 0.8
title:	Patch for SierraWirelessAirLinkES450 Information Disclosure Vulnerability (CNVD-2019-13397)	url:	https://www.cnvd.org.cn/patchInfo/show/160539	Trust: 0.6

sources: CNVD: CNVD-2019-13397 // JVNDB: JVNDB-2018-015386

EXTERNAL IDS

db:	TALOS	id:	TALOS-2018-0752	Trust: 3.4
db:	NVD	id:	CVE-2018-4067	Trust: 3.4
db:	ICS CERT	id:	ICSA-19-122-03	Trust: 2.8
db:	BID	id:	108147	Trust: 2.6
db:	PACKETSTORM	id:	152652	Trust: 1.7
db:	TALOS	id:	TALOS-2018-0746	Trust: 0.9
db:	TALOS	id:	TALOS-2018-0748	Trust: 0.9
db:	TALOS	id:	TALOS-2018-0754	Trust: 0.9
db:	TALOS	id:	TALOS-2018-0747	Trust: 0.9
db:	TALOS	id:	TALOS-2018-0750	Trust: 0.9
db:	TALOS	id:	TALOS-2018-0751	Trust: 0.9
db:	JVNDB	id:	JVNDB-2018-015386	Trust: 0.8
db:	CNNVD	id:	CNNVD-201904-1173	Trust: 0.7
db:	CNVD	id:	CNVD-2019-13397	Trust: 0.6
db:	NSFOCUS	id:	47364	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.1530.2	Trust: 0.6
db:	VULHUB	id:	VHN-134098	Trust: 0.1

sources: CNVD: CNVD-2019-13397 // VULHUB: VHN-134098 // BID: 108147 // JVNDB: JVNDB-2018-015386 // CNNVD: CNNVD-201904-1173 // NVD: CVE-2018-4067

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-19-122-03	Trust: 2.8
url:	https://talosintelligence.com/vulnerability_reports/talos-2018-0752	Trust: 2.5
url:	http://www.securityfocus.com/bid/108147	Trust: 2.3
url:	http://packetstormsecurity.com/files/152652/sierra-wireless-airlink-es450-acemanager-template_load.cgi-information-disclosure.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4067	Trust: 1.4
url:	https://www.talosintelligence.com/vulnerability_reports/talos-2018-0752	Trust: 1.2
url:	https://source.sierrawireless.com/resources/airlink/software_downloads/es440-firmware/es440-firmware-list/	Trust: 0.9
url:	https://source.sierrawireless.com/resources/airlink/software_downloads/es450/es450-firmware-package-list/	Trust: 0.9
url:	https://source.sierrawireless.com/resources/airlink/software_downloads/gx400-firmware/gx400-firmware-list/	Trust: 0.9
url:	https://source.sierrawireless.com/resources/airlink/software_downloads/gx450/gx450-firmware-list/	Trust: 0.9
url:	https://source.sierrawireless.com/resources/airlink/software_downloads/ls300-firmware/ls300-firmware-list/	Trust: 0.9
url:	https://source.sierrawireless.com/resources/airlink/software_downloads/mp70/mp70-firmware-list/	Trust: 0.9
url:	https://source.sierrawireless.com/resources/airlink/software_downloads/rv50/rv50-firmware-list/	Trust: 0.9
url:	https://www.sierrawireless.com/	Trust: 0.9
url:	https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/sierra-wireless-technical-bulletin---swi-psa-2019-003/	Trust: 0.9
url:	https://www.talosintelligence.com/reports/talos-2018-0751	Trust: 0.9
url:	https://www.talosintelligence.com/reports/talos-2018-0754	Trust: 0.9
url:	https://www.talosintelligence.com/reports/talos-2018-0746	Trust: 0.9
url:	https://www.talosintelligence.com/reports/talos-2018-0750	Trust: 0.9
url:	https://www.talosintelligence.com/reports/talos-2018-0752	Trust: 0.9
url:	https://www.talosintelligence.com/reports/talos-2018-0748	Trust: 0.9
url:	https://www.talosintelligence.com/reports/talos-2018-0747	Trust: 0.9
url:	https://source.sierrawireless.com/~/media/support_downloads/airlink/docs/technical%20bulletin/swi-psa-2019-003%20-%20talos%20cves%20-%2030apr2019.ashx?la=en	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4067	Trust: 0.8
url:	https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4-d-9-d-4-release-notes/	Trust: 0.6
url:	https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4-d-4-d-8-release-notes/	Trust: 0.6
url:	https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4-d-11-d-2-release-notes/	Trust: 0.6
url:	https://www.us-cert.gov/ics/advisories/icsa-19-122-03	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.1530.2/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/80158	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/47364	Trust: 0.6
url:	https://packetstormsecurity.com/files/152652/sierra-wireless-airlink-es450-acemanager-template/load.cgi-information-disclosure.html	Trust: 0.6
url:	https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,11,-d-,2-release-notes/	Trust: 0.3
url:	https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,4,-d-,8-release-notes/	Trust: 0.3
url:	https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,9,-d-,4-release-notes/	Trust: 0.3

sources: CNVD: CNVD-2019-13397 // VULHUB: VHN-134098 // BID: 108147 // JVNDB: JVNDB-2018-015386 // CNNVD: CNNVD-201904-1173 // NVD: CVE-2018-4067

CREDITS

Carl Hurd and Jared Rittle of Cisco Talos.,Carl Hurd and Jared Rittle of Cisco Talos reported these vulnerabilities to Sierra Wireless,Carl Hurd and Jared Rittle of Cisco Talos reported these vulnerabilities to Sierra Wireless.,Discovered by Carl Hurd and Jared Rittle of Cisco Talos.

Trust: 0.6

sources: CNNVD: CNNVD-201904-1173

SOURCES

db:	CNVD	id:	CNVD-2019-13397
db:	VULHUB	id:	VHN-134098
db:	BID	id:	108147
db:	JVNDB	id:	JVNDB-2018-015386
db:	CNNVD	id:	CNNVD-201904-1173
db:	NVD	id:	CVE-2018-4067

LAST UPDATE DATE

2024-11-23T21:59:56.550000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-13397	date:	2019-05-09T00:00:00
db:	VULHUB	id:	VHN-134098	date:	2019-05-07T00:00:00
db:	BID	id:	108147	date:	2019-04-25T00:00:00
db:	JVNDB	id:	JVNDB-2018-015386	date:	2019-05-31T00:00:00
db:	CNNVD	id:	CNNVD-201904-1173	date:	2020-08-03T00:00:00
db:	NVD	id:	CVE-2018-4067	date:	2024-11-21T04:06:41.077

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-13397	date:	2019-05-09T00:00:00
db:	VULHUB	id:	VHN-134098	date:	2019-05-06T00:00:00
db:	BID	id:	108147	date:	2019-04-25T00:00:00
db:	JVNDB	id:	JVNDB-2018-015386	date:	2019-05-31T00:00:00
db:	CNNVD	id:	CNNVD-201904-1173	date:	2019-04-25T00:00:00
db:	NVD	id:	CVE-2018-4067	date:	2019-05-06T19:29:00.840