CVE-2018-4070

Exploit

EPSS 38.87%
Veröffentlicht 06.05.2019 19:29:00
Zuletzt bearbeitet 21.11.2024 04:06:41
Quelle talos-cna@cisco.com
Teams Watchlist Login
Unerledigt Login

An exploitable Information Disclosure vulnerability exists in the ACEManager EmbeddedAceGet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. This binary does not have any restricted configuration settings, so once the MSCIID is discovered, any authenticated user can send configuration changes using the /cgi-bin/Embedded_Ace_Get_Task.cgi endpoint.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sierrawireless ≫ Airlink Es450 Firmware Version4.9.3

Sierrawireless ≫ Airlink Es450 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	38.87%	0.971

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://talosintelligence.com/vulnerability_reports/TALOS-2018-0755

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2018-4070

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-4070

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-4070

EUVD