PT-2019-10795 · Sierra Wireless · Sierra Wireless Airlink Es450

Published

2019-05-06

Updated

2019-05-07

CVE-2018-4068

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Sierra Wireless AirLink ES450 FW version 4.9.3

Description An information disclosure issue exists in the ACEManager functionality. It allows an attacker to send an unauthenticated HTTP request, potentially disclosing the default configuration for the device.

Recommendations For Sierra Wireless AirLink ES450 FW version 4.9.3, consider restricting access to the ACEManager functionality until a patch is available. As a temporary workaround, limit the exposure of the device to unauthenticated HTTP requests to minimize the risk of exploitation.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2018-4068

Affected Products

Sierra Wireless Airlink Es450

PT-2019-10795 · Sierra Wireless · Sierra Wireless Airlink Es450

CVE-2018-4068

Weakness Enumeration

Related Identifiers

Affected Products

References · 3