admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 18:52:12 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2018/CVE-2018-4069.md

19 lines
986 B
Markdown
Raw Normal View History

Update Sun May 26 14:27:04 CEST 2024
2024-05-26 14:27:05 +02:00
### [CVE-2018-4069](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4069)
![](https://img.shields.io/static/v1?label=Product&message=Sierra%20Wireless&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Missing%20Encryption%20of%20Sensitive%20Data&color=brighgreen)
### Description
An information disclosure vulnerability exists in the ACEManager authentication functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The ACEManager authentication functionality is done in plaintext XML to the web server. An attacker can listen to network traffic upstream from the device to capitalize on this vulnerability.
### POC
#### Reference
- http://packetstormsecurity.com/files/152654/Sierra-Wireless-AirLink-ES450-ACEManager-Information-Exposure.html
- https://talosintelligence.com/vulnerability_reports/TALOS-2018-0754
#### Github
- https://github.com/ARPSyndicate/cvemon
Reference in New Issue Copy Permalink