PT-2019-10796 · Sierra Wireless · Sierra Wireless Airlink Es450

Published

2019-05-06

Updated

2019-05-07

CVE-2018-4069

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Sierra Wireless AirLink ES450 FW version 4.9.3

Description An information disclosure issue exists in the ACEManager authentication functionality. This functionality uses plaintext XML to communicate with the web server, allowing an attacker to intercept network traffic and potentially exploit this issue.

Recommendations For Sierra Wireless AirLink ES450 FW version 4.9.3, consider restricting access to the device's network traffic to minimize the risk of exploitation. As a temporary workaround, limit the use of the ACEManager authentication functionality until a fix is available. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2018-4069

Affected Products

Sierra Wireless Airlink Es450

PT-2019-10796 · Sierra Wireless · Sierra Wireless Airlink Es450

CVE-2018-4069

Weakness Enumeration

Related Identifiers

Affected Products

References · 6