Lucene search

[email protected]CVE-2015-2897

HistoryAug 08, 2015 - 1:59 a.m.

CVE-2015-2897

2015-08-0801:59:00

CWE-200

[email protected]

web.nvd.nist.gov

sierra wireless

aleos

airlink

hardcoded root accounts

remote attackers

administrative access

ssh

telnet

cve-2015-2897

nvd

7 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

75.1%

JSON

Sierra Wireless ALEOS before 4.4.2 on AirLink ES, GX, and LS devices has hardcoded root accounts, which makes it easier for remote attackers to obtain administrative access via a (1) SSH or (2) TELNET session.

Affected configurations

NVD

Node

sierrawirelessaleosRange≤4.4.1

AND

sierrawirelessairlink_es440

sierrawirelessairlink_es450

sierrawirelessairlink_gx440

sierrawirelessairlink_gx450

sierrawirelessairlink_ls300

CPENameOperatorVersion
sierrawireless:aleossierrawireless aleosle4.4.1

CPE	Name	Operator	Version
sierrawireless:aleos	sierrawireless aleos	le	4.4.1

References

www.kb.cert.org/vuls/id/628568

7 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

75.1%

JSON

Related for CVE-2015-2897

cvelist1 prion1 nvd1 cert1