CVE-2018-4073
Last modified
CVE-2018-4073 is a vulnerability of currently unknown severity. An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The the binary the endpoint /cgi-bin/Embeded_Ace_TLSet_Task.cgi is a very similar endpoint that is designed for use with setting table values that can cause an arbitrary setting writes, resulting in the unverified changes to any system setting. EPSS estimates a 25.39% chance of exploitation in the next 30 days.
Description
An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The the binary the endpoint /cgi-bin/Embeded_Ace_TLSet_Task.cgi is a very similar endpoint that is designed for use with setting table values that can cause an arbitrary setting writes, resulting in the unverified changes to any system setting. An attacker can make an authenticated HTTP request, or run the binary as any user, to trigger this vulnerability.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Sierrawireless | Airlink Es450 Firmware | 4.9.3 |
References
- https://talosintelligence.com/vulnerability_reports/TALOS-2018-0756Exploit, Third Party Advisory
- https://talosintelligence.com/vulnerability_reports/TALOS-2018-0756Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-4073?
How severe is CVE-2018-4073?
How do I fix CVE-2018-4073?
Are you affected by CVE-2018-4073?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST