CVE-2017-6044
Summary
| CVE | CVE-2017-6044 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-06-30 03:29:00 UTC |
| Updated | 2019-10-09 23:28:00 UTC |
| Description | An Improper Authorization issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Several files and directories can be accessed without authentication, which may allow a remote attacker to perform sensitive functions including arbitrary file upload, file download, and device reboot. |
Risk And Classification
Problem Types: CWE-306
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Sierra Wireless | Airlink Raven Xe | - | All | All | All |
| Hardware | Sierra Wireless | Airlink Raven Xe | - | All | All | All |
| Operating System | Sierra Wireless | Airlink Raven Xe Firmware | All | All | All | All |
| Hardware | Sierra Wireless | Airlink Raven Xt | - | All | All | All |
| Hardware | Sierra Wireless | Airlink Raven Xt | - | All | All | All |
| Operating System | Sierra Wireless | Airlink Raven Xt Firmware | - | All | All | All |
| Operating System | Sierra Wireless | Airlink Raven Xt Firmware | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Sierra Wireless AirLink Raven ICSA-17-115-02 Multiple Security Vulnerabilities | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Sierra Wireless AirLink Raven XE and XT | ICS-CERT | MISC | ics-cert.us-cert.gov | Third Party Advisory, US Government Resource, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.