CVE-2018-4069
HIGH
Sierra Wireless AirLink ES450 Firmware 4.9.3 - Information Exposure via Plaintext ACEManager Authentication
Title source: llm
Description
An information disclosure vulnerability exists in the ACEManager authentication functionality of Sierra Wireless AirLink ES450 FW 4.9.3. Authentication to ACEManager is performed in plaintext XML sent to the web server. An attacker can listen to network traffic upstream from the device to capitalize on this vulnerability.
References (4)
Core References
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/152654/Sierra-Wireless-AirLink-ES450-ACEManager-Information-Exposure.html
Various Sources x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/108147
Exploit, Third Party Advisory x_refsource_misc
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0754
Scores
CVSS v3: 7.5
EPSS: 0.0401
EPSS Percentile: 89.3%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE: CWE-200
Status: published
Products (1)
sierrawireless/airlink_es450_firmware 4.9.3
Published: May 06, 2019
Tracked Since: Feb 18, 2026