ID

VAR-201706-0470


CVE

CVE-2017-6046


TITLE

Sierra Wireless AirLink Raven XE and XT Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2017-005262

DESCRIPTION

An Insufficiently Protected Credentials issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Sensitive information is insufficiently protected during transmission and vulnerable to sniffing, which could lead to information disclosure. Sierra Wireless AirLink Raven XE and XT are wireless gateway products from Sierra Wireless, Canada. An information disclosure vulnerability exists in Sierra Wireless AirLink Raven XE and XT. An attacker could exploit this vulnerability to obtain sensitive information. Other attacks are also possible.

Trust: 2.7

sources: NVD: CVE-2017-6046 // JVNDB: JVNDB-2017-005262 // CNVD: CNVD-2017-06450 // BID: 98036 // IVD: 693c88c0-c789-4831-bc87-d3c442d689ca // VULHUB: VHN-114249

IOT TAXONOMY

category: ['ICS', 'Network device'] // sub_category: -

Trust: 0.6

category: ['ICS'] // sub_category: -

Trust: 0.2

sources: IVD: 693c88c0-c789-4831-bc87-d3c442d689ca // CNVD: CNVD-2017-06450

AFFECTED PRODUCTS

vendor: sierra // model: airlink raven xt // scope: eq // version: -

Trust: 1.6

vendor: sierra // model: airlink raven xe // scope: lte // version: -

Trust: 1.0

vendor: sierra // model: airlink raven xe // scope: lt // version: 4.0.14

Trust: 0.8

vendor: sierra // model: airlink raven xt // scope: lt // version: 4.0.11

Trust: 0.8

vendor: sierra // model: wireless airlink raven xe // scope: - // version: -

Trust: 0.6

vendor: sierra // model: wireless airlink raven xt // scope: lt // version: 4.0.11

Trust: 0.6

vendor: sierra // model: airlink raven xe // scope: eq // version: -

Trust: 0.6

vendor: sierra // model: wireless airlink raven xt // scope: eq // version: 0

Trust: 0.3

vendor: sierra // model: wireless airlink raven xe // scope: eq // version: 0

Trust: 0.3

vendor: sierra // model: wireless airlink raven xt // scope: ne // version: 4.0.11

Trust: 0.3

vendor: sierra // model: wireless airlink raven xe // scope: ne // version: 4.0.14

Trust: 0.3

vendor: airlink raven xe // model: - // scope: eq // version: *

Trust: 0.2

vendor: airlink raven xt // model: - // scope: eq // version: -

Trust: 0.2

sources: IVD: 693c88c0-c789-4831-bc87-d3c442d689ca // CNVD: CNVD-2017-06450 // BID: 98036 // JVNDB: JVNDB-2017-005262 // CNNVD: CNNVD-201704-1502 // NVD: CVE-2017-6046

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6046
value: HIGH

Trust: 1.0

NVD: CVE-2017-6046
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-06450
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201704-1502
value: HIGH

Trust: 0.6

IVD: 693c88c0-c789-4831-bc87-d3c442d689ca
value: HIGH

Trust: 0.2

VULHUB: VHN-114249
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-6046
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-06450
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 693c88c0-c789-4831-bc87-d3c442d689ca
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-114249
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6046
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: IVD: 693c88c0-c789-4831-bc87-d3c442d689ca // CNVD: CNVD-2017-06450 // VULHUB: VHN-114249 // JVNDB: JVNDB-2017-005262 // CNNVD: CNNVD-201704-1502 // NVD: CVE-2017-6046

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

problemtype:CWE-522

Trust: 1.0

sources: VULHUB: VHN-114249 // JVNDB: JVNDB-2017-005262 // NVD: CVE-2017-6046

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-1502

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201704-1502

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-005262

PATCH

title: AirLink Raven XE // url: https://source.sierrawireless.com/devices/raven-series/raven-xe/

Trust: 0.8

title: AirLink Raven XT // url: https://source.sierrawireless.com/devices/raven-series/raven-xt/

Trust: 0.8

title: Patch for Sierra Wireless AirLink Raven XE and XT Information Disclosure Vulnerabilities // url: https://www.cnvd.org.cn/patchInfo/show/93571

Trust: 0.6

title: Sierra Wireless AirLink Raven XE and XT Repair measures for information disclosure vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69695

Trust: 0.6

sources: CNVD: CNVD-2017-06450 // JVNDB: JVNDB-2017-005262 // CNNVD: CNNVD-201704-1502

EXTERNAL IDS

db: NVD // id: CVE-2017-6046

Trust: 3.6

db: ICS CERT // id: ICSA-17-115-02

Trust: 2.8

db: BID // id: 98036

Trust: 2.6

db: CNNVD // id: CNNVD-201704-1502

Trust: 0.9

db: CNVD // id: CNVD-2017-06450

Trust: 0.8

db: JVNDB // id: JVNDB-2017-005262

Trust: 0.8

db: IVD // id: 693C88C0-C789-4831-BC87-D3C442D689CA

Trust: 0.2

db: VULHUB // id: VHN-114249

Trust: 0.1

sources: IVD: 693c88c0-c789-4831-bc87-d3c442d689ca // CNVD: CNVD-2017-06450 // VULHUB: VHN-114249 // BID: 98036 // JVNDB: JVNDB-2017-005262 // CNNVD: CNNVD-201704-1502 // NVD: CVE-2017-6046

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-17-115-02

Trust: 2.8

url:http://www.securityfocus.com/bid/98036

Trust: 2.3

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6046

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-6046

Trust: 0.8

url:http://subscriber.communications.siemens.com/

Trust: 0.3

sources: CNVD: CNVD-2017-06450 // VULHUB: VHN-114249 // BID: 98036 // JVNDB: JVNDB-2017-005262 // CNNVD: CNNVD-201704-1502 // NVD: CVE-2017-6046

CREDITS

Karn Ganeshen.

Trust: 0.9

sources: BID: 98036 // CNNVD: CNNVD-201704-1502

SOURCES

db: IVD // id: 693c88c0-c789-4831-bc87-d3c442d689ca
db: CNVD // id: CNVD-2017-06450
db: VULHUB // id: VHN-114249
db: BID // id: 98036
db: JVNDB // id: JVNDB-2017-005262
db: CNNVD // id: CNNVD-201704-1502
db: NVD // id: CVE-2017-6046

LAST UPDATE DATE

2025-04-20T23:34:21.425000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2017-06450 // date: 2017-05-14T00:00:00
db: VULHUB // id: VHN-114249 // date: 2019-10-09T00:00:00
db: BID // id: 98036 // date: 2017-05-02T01:09:00
db: JVNDB // id: JVNDB-2017-005262 // date: 2017-07-25T00:00:00
db: CNNVD // id: CNNVD-201704-1502 // date: 2019-10-17T00:00:00
db: NVD // id: CVE-2017-6046 // date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: IVD // id: 693c88c0-c789-4831-bc87-d3c442d689ca // date: 2017-05-14T00:00:00
db: CNVD // id: CNVD-2017-06450 // date: 2017-05-14T00:00:00
db: VULHUB // id: VHN-114249 // date: 2017-06-30T00:00:00
db: BID // id: 98036 // date: 2017-04-25T00:00:00
db: JVNDB // id: JVNDB-2017-005262 // date: 2017-07-25T00:00:00
db: CNNVD // id: CNNVD-201704-1502 // date: 2017-04-28T00:00:00
db: NVD // id: CVE-2017-6046 // date: 2017-06-30T03:29:00.657