Sign-up

ID

VAR-201905-0859


CVE

CVE-2018-4070


TITLE

Sierra Wireless AirLink ES450 FW Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-015387

DESCRIPTION

An exploitable Information Disclosure vulnerability exists in the ACEManager EmbeddedAceGet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. This binary does not have any restricted configuration settings, so once the MSCIID is discovered, any authenticated user can send configuration changes using the /cgi-bin/Embedded_Ace_Get_Task.cgi endpoint. The SierraWirelessAirLinkES450 is a cellular network modem device from Sierra Wireless, Canada. The vulnerability stems from errors in the configuration of the network system or product during operation. An unauthorized attacker can exploit the vulnerability to obtain sensitive information about the affected component

Trust: 2.25

sources: NVD: CVE-2018-4070 // JVNDB: JVNDB-2018-015387 // CNVD: CNVD-2019-13408 // VULHUB: VHN-134101

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-13408

AFFECTED PRODUCTS

vendor:sierrawirelessmodel:airlink es450scope:eqversion:4.9.3

Trust: 1.0

vendor:sierramodel:airlink es450scope:eqversion:fw 4.9.3

Trust: 0.8

vendor:sierramodel:wireless airlink es450scope:eqversion:4.9.3

Trust: 0.6

sources: CNVD: CNVD-2019-13408 // JVNDB: JVNDB-2018-015387 // NVD: CVE-2018-4070

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-4070
value: HIGH

Trust: 1.0

NVD: CVE-2018-4070
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-13408
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201904-1195
value: HIGH

Trust: 0.6

VULHUB: VHN-134101
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-4070
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-13408
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-134101
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-4070
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-13408 // VULHUB: VHN-134101 // JVNDB: JVNDB-2018-015387 // CNNVD: CNNVD-201904-1195 // NVD: CVE-2018-4070

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-134101 // JVNDB: JVNDB-2018-015387 // NVD: CVE-2018-4070

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-1195

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201904-1195

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-015387

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-134101

PATCH
title:AirLink ES450: LTE Enterprise Gatewayurl:https://www.sierrawireless.com/products-and-solutions/routers-gateways/es450/
Trust: 0.8
title:Patch for SierraWirelessAirLinkES450 Information Disclosure Vulnerability (CNVD-2019-13408)url:https://www.cnvd.org.cn/patchInfo/show/160595
Trust: 0.6
title:Sierra Wireless AirLink ES450 Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92011
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-13408 // 
            
            
            
            JVNDB: JVNDB-2018-015387 // 
            
            
            
            CNNVD: CNNVD-201904-1195

EXTERNAL IDS
db:TALOSid:TALOS-2018-0755
Trust: 3.1
db:NVDid:CVE-2018-4070
Trust: 3.1
db:JVNDBid:JVNDB-2018-015387
Trust: 0.8
db:PACKETSTORMid:152655
Trust: 0.7
db:CNNVDid:CNNVD-201904-1195
Trust: 0.7
db:CNVDid:CNVD-2019-13408
Trust: 0.6
db:VULHUBid:VHN-134101
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-13408 // 
            
            
            
            VULHUB: VHN-134101 // 
            
            
            
            JVNDB: JVNDB-2018-015387 // 
            
            
            
            CNNVD: CNNVD-201904-1195 // 
            
            
            
            NVD: CVE-2018-4070

REFERENCES
url:https://talosintelligence.com/vulnerability_reports/talos-2018-0755
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2018-4070
Trust: 1.4
url:https://www.talosintelligence.com/vulnerability_reports/talos-2018-0755
Trust: 1.2
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4070
Trust: 0.8
url:https://packetstormsecurity.com/files/152655/sierra-wireless-airlink-es450-acemanager-embedded/ace/get/task.cgi-information-disclosure.html
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-13408 // 
            
            
            
            VULHUB: VHN-134101 // 
            
            
            
            JVNDB: JVNDB-2018-015387 // 
            
            
            
            CNNVD: CNNVD-201904-1195 // 
            
            
            
            NVD: CVE-2018-4070

CREDITS
Carl Hurd and Jared Rittle of Cisco Talos.,Discovered by Carl Hurd and Jared Rittle of Cisco Talos.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201904-1195

SOURCES
db:CNVDid:CNVD-2019-13408
db:VULHUBid:VHN-134101
db:JVNDBid:JVNDB-2018-015387
db:CNNVDid:CNNVD-201904-1195
db:NVDid:CVE-2018-4070

LAST UPDATE DATE
2024-11-23T21:52:16.978000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-13408date:2019-05-09T00:00:00
db:VULHUBid:VHN-134101date:2019-05-07T00:00:00
db:JVNDBid:JVNDB-2018-015387date:2019-05-31T00:00:00
db:CNNVDid:CNNVD-201904-1195date:2019-05-14T00:00:00
db:NVDid:CVE-2018-4070date:2024-11-21T04:06:41.597

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-13408date:2019-05-09T00:00:00
db:VULHUBid:VHN-134101date:2019-05-06T00:00:00
db:JVNDBid:JVNDB-2018-015387date:2019-05-31T00:00:00
db:CNNVDid:CNNVD-201904-1195date:2019-04-25T00:00:00
db:NVDid:CVE-2018-4070date:2019-05-06T19:29:00.903