Vulnerability CVE-2018-4064


Published: 2019-10-31   Modified: 2019-11-05

Description:
An exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an unverified device configuration change, resulting in an unverified change of the user password on the device. An attacker can make an authenticated HTTP request to trigger this vulnerability.

See advisories in our WLB2 database:
Risk: Med.
Topic: Sierra Wireless AirLink ES450 ACEManager upload.cgi Unverified Password Change
Author: Cisco Talos
Date: 28.04.2019

CVSS2 => (AV:N/AC:L/Au:S/C:N/I:P/A:P)

CVSS Base Score: 5.5/10
Impact Subscore: 4.9/10
Exploitability Subscore: 8/10

Exploit range: Remote
Attack complexity: Low
Authentication: Single time

Confidentiality impact: None
Integrity impact: Partial
Availability impact: Partial

References:
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0749

Copyright 2024, cxsecurity.com
