CVE-2018-4068: Infoleak
First published: Mon May 06 2019(Updated: )
An exploitable information disclosure vulnerability exists in the ACEManager functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A HTTP request can result in disclosure of the default configuration for the device. An attacker can send an unauthenticated HTTP request to trigger this vulnerability.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sierrawireless Airlink Es450 Firmware | =4.9.3 | |
| Sierrawireless Airlink Es450 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2018-4068?
CVE-2018-4068 is an exploitable information disclosure vulnerability in the ACEManager functionality of Sierra Wireless AirLink ES450 FW 4.9.3.
What is the severity of CVE-2018-4068?
CVE-2018-4068 has a severity rating of medium with a score of 5.3.
How does CVE-2018-4068 affect Sierra Wireless AirLink ES450 FW 4.9.3?
CVE-2018-4068 allows an attacker to disclose the default configuration of the device by sending an unauthenticated HTTP request.
Is Sierra Wireless AirLink ES450 FW 4.9.3 the only affected software?
Sierra Wireless AirLink ES450 FW 4.9.3 is the affected software for CVE-2018-4068.
How can I fix CVE-2018-4068?
To fix CVE-2018-4068, it is recommended to update Sierra Wireless AirLink ES450 FW to a version that is not affected.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/sierrawireless
- canonical/sierrawireless airlink es450 firmware
- version/sierrawireless airlink es450 firmware/4.9.3
- canonical/sierrawireless airlink es450