CVE-2018-4069
Summary
| CVE | CVE-2018-4069 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-05-06 18:29:00 UTC |
| Updated | 2019-05-07 20:29:00 UTC |
| Description | An information disclosure vulnerability exists in the ACEManager authentication functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The ACEManager authentication functionality is done in plaintext XML to the web server. An attacker can listen to network traffic upstream from the device to capitalize on this vulnerability. |
Risk And Classification
Problem Types: CWE-200
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Sierrawireless | Airlink Es450 | - | All | All | All |
| Hardware | Sierrawireless | Airlink Es450 | - | All | All | All |
| Operating System | Sierrawireless | Airlink Es450 Firmware | 4.9.3 | All | All | All |
| Operating System | Sierrawireless | Airlink Es450 Firmware | 4.9.3 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| TALOS-2018-0754 || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence | MISC | talosintelligence.com | Exploit, Third Party Advisory |
| Sierra Wireless AirLink ES450 ACEManager Information Exposure ≈ Packet Storm | MISC | packetstormsecurity.com | |
| Sierra Wireless AirLink ALEOS | ICS-CERT | MISC | ics-cert.us-cert.gov | |
| Sierra Wireless AirLink ALEOS Multiple Security Vulnerabilities | BID | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.