← Voltar para CVEs
CVE-2018-4069
N/ADescricao
An information disclosure vulnerability exists in the ACEManager authentication functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The ACEManager authentication functionality is done in plaintext XML to the web server. An attacker can listen to network traffic upstream from the device to capitalize on this vulnerability.
Detalhes CVE
Pontuacao CVSS v3.1N/A
Publicado5/6/2019
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
sierrawireless:airlink_es450sierrawireless:airlink_es450_firmware
Fraquezas (CWE)
CWE-200
Referencias
http://packetstormsecurity.com/files/152654/Sierra-Wireless-AirLink-ES450-ACEManager-Information-Exposure.html(talos-cna@cisco.com)
http://www.securityfocus.com/bid/108147(talos-cna@cisco.com)
https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03(talos-cna@cisco.com)
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0754(talos-cna@cisco.com)
http://packetstormsecurity.com/files/152654/Sierra-Wireless-AirLink-ES450-ACEManager-Information-Exposure.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/108147(af854a3a-2127-422b-91ae-364da2661108)
https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03(af854a3a-2127-422b-91ae-364da2661108)
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0754(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.