Details of VAR-201905-0858

ID

VAR-201905-0858

CVE

CVE-2018-4069

TITLE

Sierra Wireless AirLink ES450 Information Disclosure Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-13242 // CNNVD: CNNVD-201904-1210

DESCRIPTION

An information disclosure vulnerability exists in the ACEManager authentication functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The ACEManager authentication functionality is done in plaintext XML to the web server. An attacker can listen to network traffic upstream from the device to capitalize on this vulnerability. The SierraWirelessAirLinkES450 is a cellular network modem device from Sierra Wireless, Canada. A command-injection vulnerability 2. A security-bypass vulnerability 3. A remote code-execution vulnerability 4. An cross-site scripting vulnerability 5. A cross-site request-forgery vulnerability 6. Multiple information disclosure vulnerabilities An attacker may leverage these issues to execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, perform certain administrative actions and gain unauthorized access to the affected application, execute arbitrary code, execute arbitrary commands with system-level privileges, This may aid in further attacks

Trust: 2.52

sources: NVD: CVE-2018-4069 // JVNDB: JVNDB-2018-015382 // CNVD: CNVD-2019-13242 // BID: 108147 // VULHUB: VHN-134100

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-13242

AFFECTED PRODUCTS

vendor:	sierrawireless	model:	airlink es450	scope:	eq	version:	4.9.3	Trust: 1.0
vendor:	sierra	model:	airlink es450	scope:	eq	version:	4.9.3	Trust: 0.8
vendor:	sierra	model:	wireless airlink es450	scope:	eq	version:	4.9.3	Trust: 0.6
vendor:	sierra	model:	wireless airlink rv50x aleos	scope:	eq	version:	4.11.2	Trust: 0.3
vendor:	sierra	model:	wireless airlink rv50 aleos	scope:	eq	version:	4.11.2	Trust: 0.3
vendor:	sierra	model:	wireless airlink mp70e aleos	scope:	eq	version:	4.11.2	Trust: 0.3
vendor:	sierra	model:	wireless airlink mp70 aleos	scope:	eq	version:	4.11.2	Trust: 0.3
vendor:	sierra	model:	wireless airlink lx60 aleos	scope:	eq	version:	4.10	Trust: 0.3
vendor:	sierra	model:	wireless airlink lx40 aleos	scope:	eq	version:	4.11.1	Trust: 0.3
vendor:	sierra	model:	wireless airlink ls300 aleos	scope:	eq	version:	4.4.8	Trust: 0.3
vendor:	sierra	model:	wireless airlink gx450 aleos	scope:	eq	version:	4.9.3	Trust: 0.3
vendor:	sierra	model:	wireless airlink gx440 aleos	scope:	eq	version:	4.4.8	Trust: 0.3
vendor:	sierra	model:	wireless airlink gx400 aleos	scope:	eq	version:	4.4.8	Trust: 0.3
vendor:	sierra	model:	wireless airlink es450 aleos	scope:	eq	version:	4.9.3	Trust: 0.3
vendor:	sierra	model:	wireless airlink es440 aleos	scope:	eq	version:	4.4.8	Trust: 0.3
vendor:	sierra	model:	wireless airlink gx450 aleos 4.9.4.p09	scope:	ne	version:	-	Trust: 0.3
vendor:	sierra	model:	wireless airlink gx450 aleos	scope:	ne	version:	4.9.4	Trust: 0.3
vendor:	sierra	model:	wireless airlink es450 aleos 4.9.4.p09	scope:	ne	version:	-	Trust: 0.3
vendor:	sierra	model:	wireless airlink es450 aleos	scope:	ne	version:	4.9.4	Trust: 0.3

sources: CNVD: CNVD-2019-13242 // BID: 108147 // JVNDB: JVNDB-2018-015382 // NVD: CVE-2018-4069

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-4069
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-4069
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-13242
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201904-1210
value:	HIGH
Trust: 0.6
VULHUB:	VHN-134100
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-4069
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-13242
severity:	MEDIUM
baseScore:	5.4
vectorString:	AV:N/AC:H/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-134100
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-4069
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-13242 // VULHUB: VHN-134100 // JVNDB: JVNDB-2018-015382 // CNNVD: CNNVD-201904-1210 // NVD: CVE-2018-4069

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-134100 // JVNDB: JVNDB-2018-015382 // NVD: CVE-2018-4069

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-1210

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201904-1210

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015382

PATCH

title:	AirLink ES450	url:	https://www.sierrawireless.com/products-and-solutions/routers-gateways/es450/	Trust: 0.8
title:	Patch for SierraWirelessAirLinkES450 Information Disclosure Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/160409	Trust: 0.6

sources: CNVD: CNVD-2019-13242 // JVNDB: JVNDB-2018-015382

EXTERNAL IDS

db:	TALOS	id:	TALOS-2018-0754	Trust: 3.4
db:	NVD	id:	CVE-2018-4069	Trust: 3.4
db:	ICS CERT	id:	ICSA-19-122-03	Trust: 2.8
db:	BID	id:	108147	Trust: 2.0
db:	PACKETSTORM	id:	152654	Trust: 1.7
db:	TALOS	id:	TALOS-2018-0746	Trust: 0.9
db:	TALOS	id:	TALOS-2018-0752	Trust: 0.9
db:	TALOS	id:	TALOS-2018-0748	Trust: 0.9
db:	TALOS	id:	TALOS-2018-0747	Trust: 0.9
db:	TALOS	id:	TALOS-2018-0750	Trust: 0.9
db:	TALOS	id:	TALOS-2018-0751	Trust: 0.9
db:	JVNDB	id:	JVNDB-2018-015382	Trust: 0.8
db:	CNNVD	id:	CNNVD-201904-1210	Trust: 0.7
db:	CNVD	id:	CNVD-2019-13242	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.1530.2	Trust: 0.6
db:	NSFOCUS	id:	47375	Trust: 0.6
db:	VULHUB	id:	VHN-134100	Trust: 0.1

sources: CNVD: CNVD-2019-13242 // VULHUB: VHN-134100 // BID: 108147 // JVNDB: JVNDB-2018-015382 // CNNVD: CNNVD-201904-1210 // NVD: CVE-2018-4069

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-19-122-03	Trust: 2.8
url:	https://talosintelligence.com/vulnerability_reports/talos-2018-0754	Trust: 2.5
url:	http://www.securityfocus.com/bid/108147	Trust: 2.3
url:	http://packetstormsecurity.com/files/152654/sierra-wireless-airlink-es450-acemanager-information-exposure.html	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4069	Trust: 1.4
url:	https://www.talosintelligence.com/vulnerability_reports/talos-2018-0754	Trust: 1.2
url:	https://source.sierrawireless.com/resources/airlink/software_downloads/es440-firmware/es440-firmware-list/	Trust: 0.9
url:	https://source.sierrawireless.com/resources/airlink/software_downloads/es450/es450-firmware-package-list/	Trust: 0.9
url:	https://source.sierrawireless.com/resources/airlink/software_downloads/gx400-firmware/gx400-firmware-list/	Trust: 0.9
url:	https://source.sierrawireless.com/resources/airlink/software_downloads/gx450/gx450-firmware-list/	Trust: 0.9
url:	https://source.sierrawireless.com/resources/airlink/software_downloads/ls300-firmware/ls300-firmware-list/	Trust: 0.9
url:	https://source.sierrawireless.com/resources/airlink/software_downloads/mp70/mp70-firmware-list/	Trust: 0.9
url:	https://source.sierrawireless.com/resources/airlink/software_downloads/rv50/rv50-firmware-list/	Trust: 0.9
url:	https://www.sierrawireless.com/	Trust: 0.9
url:	https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/sierra-wireless-technical-bulletin---swi-psa-2019-003/	Trust: 0.9
url:	https://www.talosintelligence.com/reports/talos-2018-0751	Trust: 0.9
url:	https://www.talosintelligence.com/reports/talos-2018-0754	Trust: 0.9
url:	https://www.talosintelligence.com/reports/talos-2018-0746	Trust: 0.9
url:	https://www.talosintelligence.com/reports/talos-2018-0750	Trust: 0.9
url:	https://www.talosintelligence.com/reports/talos-2018-0752	Trust: 0.9
url:	https://www.talosintelligence.com/reports/talos-2018-0748	Trust: 0.9
url:	https://www.talosintelligence.com/reports/talos-2018-0747	Trust: 0.9
url:	https://source.sierrawireless.com/~/media/support_downloads/airlink/docs/technical%20bulletin/swi-psa-2019-003%20-%20talos%20cves%20-%2030apr2019.ashx?la=en	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4069	Trust: 0.8
url:	https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4-d-9-d-4-release-notes/	Trust: 0.6
url:	https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4-d-4-d-8-release-notes/	Trust: 0.6
url:	https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4-d-11-d-2-release-notes/	Trust: 0.6
url:	https://www.us-cert.gov/ics/advisories/icsa-19-122-03	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.1530.2/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/80158	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/47375	Trust: 0.6
url:	https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,11,-d-,2-release-notes/	Trust: 0.3
url:	https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,4,-d-,8-release-notes/	Trust: 0.3
url:	https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,9,-d-,4-release-notes/	Trust: 0.3

sources: CNVD: CNVD-2019-13242 // VULHUB: VHN-134100 // BID: 108147 // JVNDB: JVNDB-2018-015382 // CNNVD: CNNVD-201904-1210 // NVD: CVE-2018-4069

CREDITS

Carl Hurd and Jared Rittle of Cisco Talos,Discovered by Carl Hurd of Cisco Talos.,Carl Hurd and Jared Rittle of Cisco Talos.,Carl Hurd and Jared Rittle of Cisco Talos reported these vulnerabilities to Sierra Wireless.

Trust: 0.6

sources: CNNVD: CNNVD-201904-1210

SOURCES

db:	CNVD	id:	CNVD-2019-13242
db:	VULHUB	id:	VHN-134100
db:	BID	id:	108147
db:	JVNDB	id:	JVNDB-2018-015382
db:	CNNVD	id:	CNNVD-201904-1210
db:	NVD	id:	CVE-2018-4069

LAST UPDATE DATE

2024-11-23T21:59:56.712000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-13242	date:	2019-05-07T00:00:00
db:	VULHUB	id:	VHN-134100	date:	2019-05-07T00:00:00
db:	BID	id:	108147	date:	2019-04-25T00:00:00
db:	JVNDB	id:	JVNDB-2018-015382	date:	2019-05-31T00:00:00
db:	CNNVD	id:	CNNVD-201904-1210	date:	2020-08-03T00:00:00
db:	NVD	id:	CVE-2018-4069	date:	2024-11-21T04:06:41.430

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-13242	date:	2019-05-07T00:00:00
db:	VULHUB	id:	VHN-134100	date:	2019-05-06T00:00:00
db:	BID	id:	108147	date:	2019-04-25T00:00:00
db:	JVNDB	id:	JVNDB-2018-015382	date:	2019-05-31T00:00:00
db:	CNNVD	id:	CNNVD-201904-1210	date:	2019-04-25T00:00:00
db:	NVD	id:	CVE-2018-4069	date:	2019-05-06T18:29:00.477