CVE-2018-4062

Опубликовано: 06 мая 2019

Источник: nvd

CVSS3: 8.1

CVSS2: 9.3

EPSS Низкий

Описание

A hard-coded credentials vulnerability exists in the snmpd function of the Sierra Wireless AirLink ES450 FW 4.9.3. Activating snmpd outside of the WebUI can cause the activation of the hard-coded credentials, resulting in the exposure of a privileged user. An attacker can activate snmpd without any configuration changes to trigger this vulnerability.

Ссылки

http://packetstormsecurity.com/files/152647/Sierra-Wireless-AirLink-ES450-SNMPD-Hard-Coded-Credentials.html
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/108147
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03
Third Party Advisory
VDB Entry
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0747
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/152647/Sierra-Wireless-AirLink-ES450-SNMPD-Hard-Coded-Credentials.html
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/108147
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03
Third Party Advisory
VDB Entry
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0747
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:sierrawireless:airlink_es450_firmware:4.9.3:*:*:*:*:*:*:*

cpe:2.3:h:sierrawireless:airlink_es450:-:*:*:*:*:*:*:*

EPSS

Процентиль: 53%

0.00306

Низкий

8.1 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-798

Связанные уязвимости

GHSA-x7qh-pj6r-h933