CVE-2018-4070
Last modified
CVE-2018-4070 is a vulnerability of currently unknown severity. An exploitable Information Disclosure vulnerability exists in the ACEManager EmbeddedAceGet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. This binary does not have any restricted configuration settings, so once the MSCIID is discovered, any authenticated user can send configuration changes using the /cgi-bin/Embedded_Ace_Get_Task.cgi endpoint.. EPSS estimates a 18.29% chance of exploitation in the next 30 days.
Description
An exploitable Information Disclosure vulnerability exists in the ACEManager EmbeddedAceGet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. This binary does not have any restricted configuration settings, so once the MSCIID is discovered, any authenticated user can send configuration changes using the /cgi-bin/Embedded_Ace_Get_Task.cgi endpoint.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Sierrawireless | Airlink Es450 Firmware | 4.9.3 |
References
- https://talosintelligence.com/vulnerability_reports/TALOS-2018-0755Exploit, Third Party Advisory
- https://talosintelligence.com/vulnerability_reports/TALOS-2018-0755Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-4070?
How severe is CVE-2018-4070?
How do I fix CVE-2018-4070?
Are you affected by CVE-2018-4070?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST