Vulnerability Details : CVE-2018-4069
Potential exploit
An information disclosure vulnerability exists in the ACEManager authentication functionality of Sierra Wireless AirLink ES450 FW 4.9.3. ACEManager authentication is performed in plaintext XML sent to the web server. An attacker can listen to network traffic upstream from the device to capitalize on this vulnerability.
Vulnerability category: Information leak
Products affected by CVE-2018-4069
- cpe:2.3:o:sierrawireless:airlink_es450_firmware:4.9.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-4069
- EPSS score: 0.03% (probability of exploitation activity in the next 30 days)
- Percentile: ~5% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2018-4069
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2018-4069
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-4069
- http://www.securityfocus.com/bid/108147
  Sierra Wireless AirLink ALEOS Multiple Security Vulnerabilities
- http://packetstormsecurity.com/files/152654/Sierra-Wireless-AirLink-ES450-ACEManager-Information-Exposure.html
  Sierra Wireless AirLink ES450 ACEManager Information Exposure ≈ Packet Storm
- https://talosintelligence.com/vulnerability_reports/TALOS-2018-0754
  TALOS-2018-0754 || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence (Exploit; Third Party Advisory)
- https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03
  Sierra Wireless AirLink ALEOS | CISA