Sign-up

ID

VAR-201905-0862


CVE

CVE-2018-4073


TITLE

Sierra Wireless AirLink ES450 Firmware vulnerabilities related to authorization, authority, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-015404

DESCRIPTION

An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The the binary the endpoint /cgi-bin/Embeded_Ace_TLSet_Task.cgi is a very similar endpoint that is designed for use with setting table values that can cause an arbitrary setting writes, resulting in the unverified changes to any system setting. An attacker can make an authenticated HTTP request, or run the binary as any user, to trigger this vulnerability. Sierra Wireless AirLink ES450 Firmware contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Sierra Wireless AirLink ES450 is a cellular network modem device from Sierra Wireless Canada. An attacker could exploit this vulnerability by sending specially crafted HTTP requests to change other users' passwords, enable or disable services, and change arbitrary configuration settings

Trust: 1.71

sources: NVD: CVE-2018-4073 // JVNDB: JVNDB-2018-015404 // VULHUB: VHN-134104

AFFECTED PRODUCTS

vendor:sierrawirelessmodel:airlink es450scope:eqversion:4.9.3

Trust: 1.0

vendor:sierramodel:airlink es450scope:eqversion:4.9.3

Trust: 0.8

sources: JVNDB: JVNDB-2018-015404 // NVD: CVE-2018-4073

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-4073
value: HIGH

Trust: 1.0

NVD: CVE-2018-4073
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201904-1185
value: HIGH

Trust: 0.6

VULHUB: VHN-134104
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-4073
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-134104
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-4073
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-134104 // JVNDB: JVNDB-2018-015404 // CNNVD: CNNVD-201904-1185 // NVD: CVE-2018-4073

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.1

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-134104 // JVNDB: JVNDB-2018-015404 // NVD: CVE-2018-4073

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-1185

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201904-1185

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-015404

PATCH
title:AirLink ES450url:https://www.sierrawireless.com/products-and-solutions/routers-gateways/es450/
Trust: 0.8
title:Sierra Wireless AirLink ES450 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92007
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-015404 // 
            
            
            
            CNNVD: CNNVD-201904-1185

EXTERNAL IDS
db:NVDid:CVE-2018-4073
Trust: 2.5
db:TALOSid:TALOS-2018-0756
Trust: 2.5
db:JVNDBid:JVNDB-2018-015404
Trust: 0.8
db:CNNVDid:CNNVD-201904-1185
Trust: 0.7
db:VULHUBid:VHN-134104
Trust: 0.1
sources:
            
            
            VULHUB: VHN-134104 // 
            
            
            
            JVNDB: JVNDB-2018-015404 // 
            
            
            
            CNNVD: CNNVD-201904-1185 // 
            
            
            
            NVD: CVE-2018-4073

REFERENCES
url:https://talosintelligence.com/vulnerability_reports/talos-2018-0756
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2018-4073
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4073
Trust: 0.8
url:https://www.talosintelligence.com/vulnerability_reports/talos-2018-0756
Trust: 0.6
sources:
            
            
            VULHUB: VHN-134104 // 
            
            
            
            JVNDB: JVNDB-2018-015404 // 
            
            
            
            CNNVD: CNNVD-201904-1185 // 
            
            
            
            NVD: CVE-2018-4073

CREDITS
Discovered by Carl Hurd of Cisco Talos.,Carl Hurd of Cisco Talos.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201904-1185

SOURCES
db:VULHUBid:VHN-134104
db:JVNDBid:JVNDB-2018-015404
db:CNNVDid:CNNVD-201904-1185
db:NVDid:CVE-2018-4073

LAST UPDATE DATE
2024-11-23T22:06:11.539000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-134104date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-015404date:2019-06-03T00:00:00
db:CNNVDid:CNNVD-201904-1185date:2019-10-08T00:00:00
db:NVDid:CVE-2018-4073date:2024-11-21T04:06:42.050

SOURCES RELEASE DATE
db:VULHUBid:VHN-134104date:2019-05-06T00:00:00
db:JVNDBid:JVNDB-2018-015404date:2019-06-03T00:00:00
db:CNNVDid:CNNVD-201904-1185date:2019-04-25T00:00:00
db:NVDid:CVE-2018-4073date:2019-05-06T19:29:01.090