ID

VAR-201905-0857


CVE

CVE-2018-4068


TITLE

Sierra Wireless AirLink ES450 Information disclosure vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2018-015381

DESCRIPTION

An exploitable information disclosure vulnerability exists in the ACEManager functionality of Sierra Wireless AirLink ES450 FW 4.9.3. An HTTP request can result in disclosure of the default configuration for the device. An attacker can send an unauthenticated HTTP request to trigger this vulnerability. The Sierra Wireless AirLink ES450 is a cellular network modem device from Sierra Wireless, Canada. Unauthorized attackers can exploit the vulnerability to obtain sensitive information about the affected component. This vulnerability stems from configuration errors in network systems or products during operation.

Trust: 2.25

sources: NVD: CVE-2018-4068 // JVNDB: JVNDB-2018-015381 // CNVD: CNVD-2019-13240 // VULHUB: VHN-134099

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-13240

AFFECTED PRODUCTS

vendor: sierrawireless, model: airlink es450, scope: eq, version: 4.9.3

Trust: 1.0

vendor: sierra, model: airlink es450, scope: eq, version: 4.9.3

Trust: 0.8

vendor: sierra, model: wireless airlink es450, scope: eq, version: 4.9.3

Trust: 0.6

sources: CNVD: CNVD-2019-13240 // JVNDB: JVNDB-2018-015381 // NVD: CVE-2018-4068

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-4068
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-4068
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-13240
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201904-1205
value: MEDIUM

Trust: 0.6

VULHUB: VHN-134099
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-4068
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-13240
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-134099
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-4068
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-13240 // VULHUB: VHN-134099 // JVNDB: JVNDB-2018-015381 // CNNVD: CNNVD-201904-1205 // NVD: CVE-2018-4068

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-134099 // JVNDB: JVNDB-2018-015381 // NVD: CVE-2018-4068

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-1205

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201904-1205

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015381

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-134099

PATCH

title: AirLink ES450, url: https://www.sierrawireless.com/products-and-solutions/routers-gateways/es450/

Trust: 0.8

title: Patch for SierraWirelessAirLinkES450 Information Disclosure Vulnerability (CNVD-2019-13240), url: https://www.cnvd.org.cn/patchInfo/show/160413

Trust: 0.6

title: Sierra Wireless AirLink ES450 Repair measures for information disclosure vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92019

Trust: 0.6

sources: CNVD: CNVD-2019-13240 // JVNDB: JVNDB-2018-015381 // CNNVD: CNNVD-201904-1205

EXTERNAL IDS

db: NVD, id: CVE-2018-4068

Trust: 3.1

db: TALOS, id: TALOS-2018-0753

Trust: 3.1

db: JVNDB, id: JVNDB-2018-015381

Trust: 0.8

db: CNNVD, id: CNNVD-201904-1205

Trust: 0.7

db: PACKETSTORM, id: 152653

Trust: 0.7

db: CNVD, id: CNVD-2019-13240

Trust: 0.6

db: VULHUB, id: VHN-134099

Trust: 0.1

sources: CNVD: CNVD-2019-13240 // VULHUB: VHN-134099 // JVNDB: JVNDB-2018-015381 // CNNVD: CNNVD-201904-1205 // NVD: CVE-2018-4068

REFERENCES

url:https://talosintelligence.com/vulnerability_reports/talos-2018-0753

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2018-4068

Trust: 1.4

url:https://www.talosintelligence.com/vulnerability_reports/talos-2018-0753

Trust: 1.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4068

Trust: 0.8

url:https://packetstormsecurity.com/files/152653/sierra-wireless-airlink-es450-acemanager-information-disclosure.html

Trust: 0.6

sources: CNVD: CNVD-2019-13240 // VULHUB: VHN-134099 // JVNDB: JVNDB-2018-015381 // CNNVD: CNNVD-201904-1205 // NVD: CVE-2018-4068

CREDITS

Discovered by Carl Hurd of Cisco Talos.

Trust: 0.6

sources: CNNVD: CNNVD-201904-1205

SOURCES

db: CNVD, id: CNVD-2019-13240
db: VULHUB, id: VHN-134099
db: JVNDB, id: JVNDB-2018-015381
db: CNNVD, id: CNNVD-201904-1205
db: NVD, id: CVE-2018-4068

LAST UPDATE DATE

2024-11-23T22:25:56.232000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-13240, date: 2019-05-07T00:00:00
db: VULHUB, id: VHN-134099, date: 2019-05-07T00:00:00
db: JVNDB, id: JVNDB-2018-015381, date: 2019-05-31T00:00:00
db: CNNVD, id: CNNVD-201904-1205, date: 2019-05-08T00:00:00
db: NVD, id: CVE-2018-4068, date: 2024-11-21T04:06:41.247

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-13240, date: 2019-05-07T00:00:00
db: VULHUB, id: VHN-134099, date: 2019-05-06T00:00:00
db: JVNDB, id: JVNDB-2018-015381, date: 2019-05-31T00:00:00
db: CNNVD, id: CNNVD-201904-1205, date: 2019-04-25T00:00:00
db: NVD, id: CVE-2018-4068, date: 2019-05-06T18:29:00.413