Information Disclosure Vulnerability in Sierra Wireless AirLink ES450 Authentication
CVE-2018-4069

7.5HIGH

Key Information:

Vendor

Sierrawireless

Status
Sierra Wireless
Vendor
CVE Published:
6 May 2019

What is CVE-2018-4069?

An information disclosure vulnerability in the ACEManager authentication of Sierra Wireless AirLink ES450 allows attackers to intercept sensitive data transmitted in plaintext XML format. By monitoring network traffic upstream from the device, an unauthorized entity could exploit this issue to gain access to confidential information, potentially compromising the security of the device and its associated network.

Affected Version(s)

Sierra Wireless Sierra Wireless AirLink ES450 FW 4.9.3

References

http://packetstormsecurity.com/files/152654/Sierra-Wirele...
x_refsource_MISC
https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03
x_refsource_MISC
http://www.securityfocus.com/bid/108147
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.