CVE-2017-6042
Summary
| CVE | CVE-2017-6042 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-06-30 03:29:00 UTC |
| Updated | 2019-10-09 23:28:00 UTC |
| Description | A Cross-Site Request Forgery issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Affected devices do not verify if a request was intentionally sent by the logged-in user, which may allow an attacker to trick a client into making an unintentional request to the web server that will be treated as an authentic request. |
Risk And Classification
Problem Types: CWE-352
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Sierra Wireless | Airlink Raven Xe | - | All | All | All |
| Hardware | Sierra Wireless | Airlink Raven Xe | - | All | All | All |
| Operating System | Sierra Wireless | Airlink Raven Xe Firmware | All | All | All | All |
| Hardware | Sierra Wireless | Airlink Raven Xt | - | All | All | All |
| Hardware | Sierra Wireless | Airlink Raven Xt | - | All | All | All |
| Operating System | Sierra Wireless | Airlink Raven Xt Firmware | - | All | All | All |
| Operating System | Sierra Wireless | Airlink Raven Xt Firmware | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Sierra Wireless AirLink Raven ICSA-17-115-02 Multiple Security Vulnerabilities | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Sierra Wireless AirLink Raven XE and XT | ICS-CERT | MISC | ics-cert.us-cert.gov | Third Party Advisory, US Government Resource, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.