Sign-up

ID

VAR-201905-0861


CVE

CVE-2018-4072


TITLE

Sierra Wireless AirLink ES450 Firmware vulnerabilities related to authorization, authority, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-015403

DESCRIPTION

An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The EmbeddedAceSet_Task.cgi executable is used to change MSCII configuration values within the configuration manager of the AirLink ES450. This binary does not have any restricted configuration settings, so once the MSCIID is discovered, any authenticated user can send configuration changes using the /cgi-bin/Embedded_Ace_Set_Task.cgi endpoint. Sierra Wireless AirLink ES450 Firmware contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The SierraWirelessAirLinkES450 is a cellular network modem device from Sierra Wireless, Canada. A security vulnerability exists in the ACEManagerEmbeddedAceSet_Task.cgi feature in the SierraWirelessAirLinkES450 using firmware version 4.9.3. An attacker could exploit the vulnerability to change other user passwords by sending a specially crafted HTTP request, enable or disable the service, and change any configuration settings

Trust: 2.25

sources: NVD: CVE-2018-4072 // JVNDB: JVNDB-2018-015403 // CNVD: CNVD-2019-15931 // VULHUB: VHN-134103

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-15931

AFFECTED PRODUCTS

vendor:sierrawirelessmodel:airlink es450scope:eqversion:4.9.3

Trust: 1.0

vendor:sierramodel:airlink es450scope:eqversion:4.9.3

Trust: 0.8

vendor:sierramodel:wireless airlink es450scope:eqversion:4.9.3

Trust: 0.6

sources: CNVD: CNVD-2019-15931 // JVNDB: JVNDB-2018-015403 // NVD: CVE-2018-4072

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-4072
value: HIGH

Trust: 1.0

NVD: CVE-2018-4072
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-15931
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201904-1188
value: HIGH

Trust: 0.6

VULHUB: VHN-134103
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-4072
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-15931
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-134103
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-4072
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-15931 // VULHUB: VHN-134103 // JVNDB: JVNDB-2018-015403 // CNNVD: CNNVD-201904-1188 // NVD: CVE-2018-4072

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.1

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-134103 // JVNDB: JVNDB-2018-015403 // NVD: CVE-2018-4072

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-1188

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201904-1188

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-015403

PATCH
title:AirLink ES450url:https://www.sierrawireless.com/products-and-solutions/routers-gateways/es450/
Trust: 0.8
title:Patch for SierraWirelessAirLinkES450 Permissions and Access Control Issue Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/162455
Trust: 0.6
title:Sierra Wireless AirLink ES450 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92008
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-15931 // 
            
            
            
            JVNDB: JVNDB-2018-015403 // 
            
            
            
            CNNVD: CNNVD-201904-1188

EXTERNAL IDS
db:TALOSid:TALOS-2018-0756
Trust: 3.1
db:NVDid:CVE-2018-4072
Trust: 3.1
db:JVNDBid:JVNDB-2018-015403
Trust: 0.8
db:CNNVDid:CNNVD-201904-1188
Trust: 0.7
db:CNVDid:CNVD-2019-15931
Trust: 0.6
db:VULHUBid:VHN-134103
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-15931 // 
            
            
            
            VULHUB: VHN-134103 // 
            
            
            
            JVNDB: JVNDB-2018-015403 // 
            
            
            
            CNNVD: CNNVD-201904-1188 // 
            
            
            
            NVD: CVE-2018-4072

REFERENCES
url:https://talosintelligence.com/vulnerability_reports/talos-2018-0756
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2018-4072
Trust: 1.4
url:https://www.talosintelligence.com/vulnerability_reports/talos-2018-0756
Trust: 1.2
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4072
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-15931 // 
            
            
            
            VULHUB: VHN-134103 // 
            
            
            
            JVNDB: JVNDB-2018-015403 // 
            
            
            
            CNNVD: CNNVD-201904-1188 // 
            
            
            
            NVD: CVE-2018-4072

CREDITS
Discovered by Carl Hurd of Cisco Talos.,Carl Hurd of Cisco Talos.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201904-1188

SOURCES
db:CNVDid:CNVD-2019-15931
db:VULHUBid:VHN-134103
db:JVNDBid:JVNDB-2018-015403
db:CNNVDid:CNNVD-201904-1188
db:NVDid:CVE-2018-4072

LAST UPDATE DATE
2024-11-23T22:06:11.564000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-15931date:2019-05-30T00:00:00
db:VULHUBid:VHN-134103date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-015403date:2019-06-03T00:00:00
db:CNNVDid:CNNVD-201904-1188date:2019-10-08T00:00:00
db:NVDid:CVE-2018-4072date:2024-11-21T04:06:41.880

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-15931date:2019-05-30T00:00:00
db:VULHUBid:VHN-134103date:2019-05-06T00:00:00
db:JVNDBid:JVNDB-2018-015403date:2019-06-03T00:00:00
db:CNNVDid:CNNVD-201904-1188date:2019-04-25T00:00:00
db:NVDid:CVE-2018-4072date:2019-05-06T19:29:01.013