cbcvebase.
CVE-2018-4069
published 2019-05-06

CVE-2018-4069: An information disclosure vulnerability exists in the ACEManager authentication functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The ACEManager…

PriorityP347high7.5CVSS 3.0
AVNACLPRNUINSUCHINAN
EPSS
4.01%
89.3th percentile
An information disclosure vulnerability exists in the ACEManager authentication functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The ACEManager authentication functionality is done in plaintext XML to the web server. An attacker can listen to network traffic upstream from the device to capitalize on this vulnerability.

Affected

1 ranges
VendorProductVersion rangeFixed in
sierrawirelessairlink_es450_firmware

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.