Details of VAR-201905-0851

ID

VAR-201905-0851

CVE

CVE-2018-4061

TITLE

Sierra Wireless AirLink ES450 Operating System Command Injection Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-13239 // CNNVD: CNNVD-201904-1202

DESCRIPTION

An exploitable command injection vulnerability exists in the ACEManager iplogging.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can inject arbitrary commands, resulting in arbitrary command execution. An attacker can send an authenticated HTTP request to trigger this vulnerability. The Sierra Wireless AirLink ES450 is a cellular network modem device from Sierra Wireless, Canada. This vulnerability is caused by external input data constructing executable commands, and the network system or product does not properly filter the special elements. An attacker could exploit the vulnerability to execute an illegal command. A command-injection vulnerability 2. A security-bypass vulnerability 3. A remote code-execution vulnerability 4. An cross-site scripting vulnerability 5. A cross-site request-forgery vulnerability 6. Multiple information disclosure vulnerabilities An attacker may leverage these issues to execute arbitrary script code in the browser of the victim in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, perform certain administrative actions and gain unauthorized access to the affected application, execute arbitrary code, execute arbitrary commands with system-level privileges, This may aid in further attacks. element

Trust: 2.52

sources: NVD: CVE-2018-4061 // JVNDB: JVNDB-2018-015380 // CNVD: CNVD-2019-13239 // BID: 108147 // VULHUB: VHN-134092

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-13239

AFFECTED PRODUCTS

vendor:	sierrawireless	model:	airlink es450	scope:	eq	version:	4.9.3	Trust: 1.0
vendor:	sierra	model:	airlink es450	scope:	eq	version:	4.9.3	Trust: 0.8
vendor:	sierra	model:	wireless airlink es450	scope:	eq	version:	4.9.3	Trust: 0.6
vendor:	sierra	model:	wireless airlink rv50x aleos	scope:	eq	version:	4.11.2	Trust: 0.3
vendor:	sierra	model:	wireless airlink rv50 aleos	scope:	eq	version:	4.11.2	Trust: 0.3
vendor:	sierra	model:	wireless airlink mp70e aleos	scope:	eq	version:	4.11.2	Trust: 0.3
vendor:	sierra	model:	wireless airlink mp70 aleos	scope:	eq	version:	4.11.2	Trust: 0.3
vendor:	sierra	model:	wireless airlink lx60 aleos	scope:	eq	version:	4.10	Trust: 0.3
vendor:	sierra	model:	wireless airlink lx40 aleos	scope:	eq	version:	4.11.1	Trust: 0.3
vendor:	sierra	model:	wireless airlink ls300 aleos	scope:	eq	version:	4.4.8	Trust: 0.3
vendor:	sierra	model:	wireless airlink gx450 aleos	scope:	eq	version:	4.9.3	Trust: 0.3
vendor:	sierra	model:	wireless airlink gx440 aleos	scope:	eq	version:	4.4.8	Trust: 0.3
vendor:	sierra	model:	wireless airlink gx400 aleos	scope:	eq	version:	4.4.8	Trust: 0.3
vendor:	sierra	model:	wireless airlink es450 aleos	scope:	eq	version:	4.9.3	Trust: 0.3
vendor:	sierra	model:	wireless airlink es440 aleos	scope:	eq	version:	4.4.8	Trust: 0.3
vendor:	sierra	model:	wireless airlink gx450 aleos 4.9.4.p09	scope:	ne	version:	-	Trust: 0.3
vendor:	sierra	model:	wireless airlink gx450 aleos	scope:	ne	version:	4.9.4	Trust: 0.3
vendor:	sierra	model:	wireless airlink es450 aleos 4.9.4.p09	scope:	ne	version:	-	Trust: 0.3
vendor:	sierra	model:	wireless airlink es450 aleos	scope:	ne	version:	4.9.4	Trust: 0.3

sources: CNVD: CNVD-2019-13239 // BID: 108147 // JVNDB: JVNDB-2018-015380 // NVD: CVE-2018-4061

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2018-4061
value:	HIGH
Trust: 1.8
CNVD:	CNVD-2019-13239
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201904-1202
value:	HIGH
Trust: 0.6
VULHUB:	VHN-134092
value:	HIGH
Trust: 0.1

NVD:
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
NVD:	CVE-2018-4061
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2019-13239
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-134092
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

NVD:
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	CVE-2018-4061
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2019-13239 // VULHUB: VHN-134092 // JVNDB: JVNDB-2018-015380 // NVD: CVE-2018-4061 // CNNVD: CNNVD-201904-1202

PROBLEMTYPE DATA

problemtype:

CWE-78

Trust: 1.9

sources: VULHUB: VHN-134092 // JVNDB: JVNDB-2018-015380 // NVD: CVE-2018-4061

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-1202

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201904-1202

CONFIGURATIONS

sources: NVD: CVE-2018-4061

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-134092

PATCH

title:	AirLink ES450	url:	https://www.sierrawireless.com/products-and-solutions/routers-gateways/es450/	Trust: 0.8
title:	Patch for Sierra Wireless AirLink ES450 Operating System Command Injection Vulnerability	url:	https://www.cnvd.org.cn/patchinfo/show/160399	Trust: 0.6
title:	Sierra Wireless AirLink ES450 Fixes for operating system command injection vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=92016	Trust: 0.6

sources: CNVD: CNVD-2019-13239 // JVNDB: JVNDB-2018-015380 // CNNVD: CNNVD-201904-1202

EXTERNAL IDS

db:	TALOS	id:	TALOS-2018-0746	Trust: 3.4
db:	NVD	id:	CVE-2018-4061	Trust: 3.4
db:	ICS CERT	id:	ICSA-19-122-03	Trust: 2.8
db:	BID	id:	108147	Trust: 2.0
db:	PACKETSTORM	id:	152646	Trust: 1.7
db:	TALOS	id:	TALOS-2018-0752	Trust: 0.9
db:	TALOS	id:	TALOS-2018-0748	Trust: 0.9
db:	TALOS	id:	TALOS-2018-0754	Trust: 0.9
db:	TALOS	id:	TALOS-2018-0747	Trust: 0.9
db:	TALOS	id:	TALOS-2018-0750	Trust: 0.9
db:	TALOS	id:	TALOS-2018-0751	Trust: 0.9
db:	JVNDB	id:	JVNDB-2018-015380	Trust: 0.8
db:	CNNVD	id:	CNNVD-201904-1202	Trust: 0.7
db:	CNVD	id:	CNVD-2019-13239	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.1530.2	Trust: 0.6
db:	NSFOCUS	id:	47369	Trust: 0.6
db:	VULHUB	id:	VHN-134092	Trust: 0.1

sources: CNVD: CNVD-2019-13239 // VULHUB: VHN-134092 // BID: 108147 // JVNDB: JVNDB-2018-015380 // NVD: CVE-2018-4061 // CNNVD: CNNVD-201904-1202

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-19-122-03	Trust: 2.8
url:	https://talosintelligence.com/vulnerability_reports/talos-2018-0746	Trust: 2.5
url:	http://www.securityfocus.com/bid/108147	Trust: 2.3
url:	http://packetstormsecurity.com/files/152646/sierra-wireless-airlink-es450-acemanager-iplogging.cgi-command-injection.html	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4061	Trust: 1.4
url:	https://www.talosintelligence.com/vulnerability_reports/talos-2018-0746	Trust: 1.2
url:	https://source.sierrawireless.com/resources/airlink/software_downloads/es440-firmware/es440-firmware-list/	Trust: 0.9
url:	https://source.sierrawireless.com/resources/airlink/software_downloads/es450/es450-firmware-package-list/	Trust: 0.9
url:	https://source.sierrawireless.com/resources/airlink/software_downloads/gx400-firmware/gx400-firmware-list/	Trust: 0.9
url:	https://source.sierrawireless.com/resources/airlink/software_downloads/gx450/gx450-firmware-list/	Trust: 0.9
url:	https://source.sierrawireless.com/resources/airlink/software_downloads/ls300-firmware/ls300-firmware-list/	Trust: 0.9
url:	https://source.sierrawireless.com/resources/airlink/software_downloads/mp70/mp70-firmware-list/	Trust: 0.9
url:	https://source.sierrawireless.com/resources/airlink/software_downloads/rv50/rv50-firmware-list/	Trust: 0.9
url:	https://www.sierrawireless.com/	Trust: 0.9
url:	https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/sierra-wireless-technical-bulletin---swi-psa-2019-003/	Trust: 0.9
url:	https://www.talosintelligence.com/reports/talos-2018-0751	Trust: 0.9
url:	https://www.talosintelligence.com/reports/talos-2018-0754	Trust: 0.9
url:	https://www.talosintelligence.com/reports/talos-2018-0746	Trust: 0.9
url:	https://www.talosintelligence.com/reports/talos-2018-0750	Trust: 0.9
url:	https://www.talosintelligence.com/reports/talos-2018-0752	Trust: 0.9
url:	https://www.talosintelligence.com/reports/talos-2018-0748	Trust: 0.9
url:	https://www.talosintelligence.com/reports/talos-2018-0747	Trust: 0.9
url:	https://source.sierrawireless.com/~/media/support_downloads/airlink/docs/technical%20bulletin/swi-psa-2019-003%20-%20talos%20cves%20-%2030apr2019.ashx?la=en	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4061	Trust: 0.8
url:	https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4-d-9-d-4-release-notes/	Trust: 0.6
url:	https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4-d-4-d-8-release-notes/	Trust: 0.6
url:	https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4-d-11-d-2-release-notes/	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/47369	Trust: 0.6
url:	https://www.us-cert.gov/ics/advisories/icsa-19-122-03	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.1530.2/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/80158	Trust: 0.6
url:	https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,11,-d-,2-release-notes/	Trust: 0.3
url:	https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,4,-d-,8-release-notes/	Trust: 0.3
url:	https://source.sierrawireless.com/resources/airlink/software_reference_docs/release-notes/aleos-4,-d-,9,-d-,4-release-notes/	Trust: 0.3

sources: CNVD: CNVD-2019-13239 // VULHUB: VHN-134092 // BID: 108147 // JVNDB: JVNDB-2018-015380 // NVD: CVE-2018-4061 // CNNVD: CNNVD-201904-1202

CREDITS

Carl Hurd and Jared Rittle of Cisco Talos,Carl Hurd and Jared Rittle of Cisco Talos.,Carl Hurd and Jared Rittle of Cisco Talos reported these vulnerabilities to Sierra Wireless.,Discovered by Carl Hurd and Jared Rittle of Cisco Talos.

Trust: 0.6

sources: CNNVD: CNNVD-201904-1202

SOURCES

db:	CNVD	id:	CNVD-2019-13239
db:	VULHUB	id:	VHN-134092
db:	BID	id:	108147
db:	JVNDB	id:	JVNDB-2018-015380
db:	NVD	id:	CVE-2018-4061
db:	CNNVD	id:	CNNVD-201904-1202

LAST UPDATE DATE

2023-12-18T12:17:59.138000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-13239	date:	2019-10-15T00:00:00
db:	VULHUB	id:	VHN-134092	date:	2019-05-07T00:00:00
db:	BID	id:	108147	date:	2019-04-25T00:00:00
db:	JVNDB	id:	JVNDB-2018-015380	date:	2019-05-31T00:00:00
db:	NVD	id:	CVE-2018-4061	date:	2019-05-07T20:29:00.657
db:	CNNVD	id:	CNNVD-201904-1202	date:	2020-08-03T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-13239	date:	2019-05-07T00:00:00
db:	VULHUB	id:	VHN-134092	date:	2019-05-06T00:00:00
db:	BID	id:	108147	date:	2019-04-25T00:00:00
db:	JVNDB	id:	JVNDB-2018-015380	date:	2019-05-31T00:00:00
db:	NVD	id:	CVE-2018-4061	date:	2019-05-06T18:29:00.367
db:	CNNVD	id:	CNNVD-201904-1202	date:	2019-04-25T00:00:00