CVE-2018-4069

Name of the Vulnerable Software and Affected Versions Sierra Wireless AirLink ES450 FW version 4.9.3

Description An information disclosure issue exists in the ACEManager authentication functionality. This functionality uses plaintext XML to communicate with the web server, allowing an attacker to intercept network traffic and potentially exploit this issue.

Recommendations For Sierra Wireless AirLink ES450 FW version 4.9.3, consider restricting access to the device's network traffic to minimize the risk of exploitation. As a temporary workaround, limit the use of the ACEManager authentication functionality until a fix is available. At the moment, there is no information about a newer version that contains a fix for this issue.