CVE-2018-4069
N/A
N/A
Summary
An information disclosure vulnerability exists in the ACEManager authentication functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The ACEManager authentication functionality is done in plaintext XML to the web server. An attacker can listen to network traffic upstream from the device to capitalize on this vulnerability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Sierra Wireless | Sierra Wireless AirLink ES450 FW 4.9.3 | affected |
Weaknesses
- Missing Encryption of Sensitive Data
ADP Enrichment
CVE Program Container
Additional References
- http://packetstormsecurity.com/files/152654/Sierra-Wireless-AirLink-ES450-ACEManager-Information-Exposure.html
- https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03
- http://www.securityfocus.com/bid/108147
- https://talosintelligence.com/vulnerability_reports/TALOS-2018-0754
References
- http://packetstormsecurity.com/files/152654/Sierra-Wireless-AirLink-ES450-ACEManager-Information-Exposure.html
- https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03
- http://www.securityfocus.com/bid/108147
- https://talosintelligence.com/vulnerability_reports/TALOS-2018-0754
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.