An information disclosure vulnerability exists in the ACEManager authentication functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The ACEManager authentication functionality is done in plaintext XML to the web server. An attacker can listen to network traffic upstream from the device to capitalize on this vulnerability.
References
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 04:06
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/152654/Sierra-Wireless-AirLink-ES450-ACEManager-Information-Exposure.html - | |
References | () http://www.securityfocus.com/bid/108147 - | |
References | () https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03 - | |
References | () https://talosintelligence.com/vulnerability_reports/TALOS-2018-0754 - Exploit, Third Party Advisory |
Information
Published : 2019-05-06 18:29
Updated : 2024-11-21 04:06
NVD link : CVE-2018-4069
Mitre link : CVE-2018-4069
CVE.ORG link : CVE-2018-4069
JSON object : View
Products Affected
sierrawireless
- airlink_es450
- airlink_es450_firmware
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor