ID

VAR-201910-1514


CVE

CVE-2018-4064


TITLE

Sierra Wireless AirLink ES450 FW Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-016146

DESCRIPTION

An exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an unverified device configuration change, resulting in an unverified change of the user password on the device. An attacker can make an authenticated HTTP request to trigger this vulnerability. The Sierra Wireless AirLink ES450 is a cellular network modem device from Sierra Wireless, Canada. An unauthorized password modification vulnerability exists in the ACEManager upload.cgi feature of the Sierra Wireless AirLink ES450 running firmware version 4.9.3.

Trust: 2.16

sources: NVD: CVE-2018-4064 // JVNDB: JVNDB-2018-016146 // CNVD: CNVD-2019-13238

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-13238

AFFECTED PRODUCTS

vendor: sierrawireless, model: airlink es450, scope: eq, version: 4.9.3

Trust: 1.0

vendor: sierra, model: airlink es450, scope: eq, version: 4.9.3

Trust: 0.8

vendor: sierra, model: wireless airlink es450, scope: eq, version: 4.9.3

Trust: 0.6

sources: CNVD: CNVD-2019-13238 // JVNDB: JVNDB-2018-016146 // NVD: CVE-2018-4064

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-4064
value: HIGH

Trust: 1.0

NVD: CVE-2018-4064
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-13238
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201904-1199
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2018-4064
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-13238
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-4064
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 4.2
version: 3.1

Trust: 1.0

NVD: CVE-2018-4064
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-13238 // JVNDB: JVNDB-2018-016146 // CNNVD: CNNVD-201904-1199 // NVD: CVE-2018-4064

PROBLEMTYPE DATA

problemtype: CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2018-016146 // NVD: CVE-2018-4064

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-1199

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201904-1199

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-016146

PATCH

title: AirLink ES450, url: https://www.sierrawireless.com/products-and-solutions/routers-gateways/es450/

Trust: 0.8

title: Sierra Wireless AirLink ES450 Unauthorized Password Modification Vulnerability Patch, url: https://www.cnvd.org.cn/patchInfo/show/160403

Trust: 0.6

title: Sierra Wireless AirLink ES450 Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92013

Trust: 0.6

sources: CNVD: CNVD-2019-13238 // JVNDB: JVNDB-2018-016146 // CNNVD: CNNVD-201904-1199

EXTERNAL IDS

db: NVD, id: CVE-2018-4064

Trust: 3.0

db: TALOS, id: TALOS-2018-0749

Trust: 3.0

db: JVNDB, id: JVNDB-2018-016146

Trust: 0.8

db: CNVD, id: CNVD-2019-13238

Trust: 0.6

db: PACKETSTORM, id: 152649

Trust: 0.6

db: CNNVD, id: CNNVD-201904-1199

Trust: 0.6

sources: CNVD: CNVD-2019-13238 // JVNDB: JVNDB-2018-016146 // CNNVD: CNNVD-201904-1199 // NVD: CVE-2018-4064

REFERENCES

url: https://talosintelligence.com/vulnerability_reports/talos-2018-0749

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-4064

Trust: 1.4

url: https://www.talosintelligence.com/vulnerability_reports/talos-2018-0749

Trust: 1.2

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4064

Trust: 0.8

url: https://packetstormsecurity.com/files/152649/sierra-wireless-airlink-es450-acemanager-upload.cgi-unverified-password-change.html

Trust: 0.6

sources: CNVD: CNVD-2019-13238 // JVNDB: JVNDB-2018-016146 // CNNVD: CNNVD-201904-1199 // NVD: CVE-2018-4064

CREDITS

Discovered by Carl Hurd of Cisco Talos.

Trust: 0.6

sources: CNNVD: CNNVD-201904-1199

SOURCES

db: CNVD, id: CNVD-2019-13238
db: JVNDB, id: JVNDB-2018-016146
db: CNNVD, id: CNNVD-201904-1199
db: NVD, id: CVE-2018-4064

LAST UPDATE DATE

2024-11-23T21:59:39.162000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-13238, date: 2019-05-07T00:00:00
db: JVNDB, id: JVNDB-2018-016146, date: 2019-11-12T00:00:00
db: CNNVD, id: CNNVD-201904-1199, date: 2019-11-07T00:00:00
db: NVD, id: CVE-2018-4064, date: 2024-11-21T04:06:40.550

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-13238, date: 2019-05-07T00:00:00
db: JVNDB, id: JVNDB-2018-016146, date: 2019-11-12T00:00:00
db: CNNVD, id: CNNVD-201904-1199, date: 2019-04-25T00:00:00
db: NVD, id: CVE-2018-4064, date: 2019-10-31T21:15:12.417