PT-2019-10793 · Sierra Wireless · Sierra Wireless Airlink Es450

Carl Hurd

Published

2019-05-06

Updated

2019-05-07

CVE-2018-4066

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Sierra Wireless AirLink ES450 FW version 4.9.3

Description A cross-site request forgery issue exists in the ACEManager functionality. This allows an attacker to trick an authenticated user into making unintended requests, potentially leading to unauthorized access. The attacker can exploit this to get an authenticated user to request pages on their behalf.

Recommendations For Sierra Wireless AirLink ES450 FW version 4.9.3, consider implementing additional validation for HTTP requests to prevent unauthorized access until a patch is available. As a temporary workaround, restrict access to the ACEManager functionality to minimize the risk of exploitation.

Exploit

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2018-4066

Affected Products

Sierra Wireless Airlink Es450

PT-2019-10793 · Sierra Wireless · Sierra Wireless Airlink Es450

CVE-2018-4066

Weakness Enumeration

Related Identifiers

Affected Products

References · 6