Lucene search

IcscertCVE-2017-6042

HistoryJun 30, 2017 - 3:29 a.m.

CVE-2017-6042

2017-06-3003:29:00

CWE-352

icscert

web.nvd.nist.gov

cve-2017-6042

cross-site request forgery

sierra wireless

airlink raven xe

airlink raven xt

nvd

security vulnerability

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

0.001

Percentile

45.6%

JSON

A Cross-Site Request Forgery issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Affected devices do not verify if a request was intentionally sent by the logged-in user, which may allow an attacker to trick a client into making an unintentional request to the web server that will be treated as an authentic request.

Affected configurations

Nvd

Node

sierra_wirelessairlink_raven_xe_firmwareRange≤-

AND

sierra_wirelessairlink_raven_xeMatch-

Node

sierra_wirelessairlink_raven_xt_firmwareMatch-

AND

sierra_wirelessairlink_raven_xtMatch-

VendorProductVersionCPE
sierra_wirelessairlink_raven_xe_firmware*cpe:2.3:o:sierra_wireless:airlink_raven_xe_firmware:*:*:*:*:*:*:*:*
sierra_wirelessairlink_raven_xe-cpe:2.3:h:sierra_wireless:airlink_raven_xe:-:*:*:*:*:*:*:*
sierra_wirelessairlink_raven_xt_firmware-cpe:2.3:o:sierra_wireless:airlink_raven_xt_firmware:-:*:*:*:*:*:*:*
sierra_wirelessairlink_raven_xt-cpe:2.3:h:sierra_wireless:airlink_raven_xt:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sierra_wireless	airlink_raven_xe_firmware	*	cpe:2.3:o:sierra_wireless:airlink_raven_xe_firmware::::::::
sierra_wireless	airlink_raven_xe	-	cpe:2.3:h:sierra_wireless:airlink_raven_xe:-:::::::*
sierra_wireless	airlink_raven_xt_firmware	-	cpe:2.3:o:sierra_wireless:airlink_raven_xt_firmware:-:::::::*
sierra_wireless	airlink_raven_xt	-	cpe:2.3:h:sierra_wireless:airlink_raven_xt:-:::::::*

CNA Affected

[
  {
    "product": "Sierra Wireless AirLink Raven XE and XT",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Sierra Wireless AirLink Raven XE and XT"
      }
    ]
  }
]

References

www.securityfocus.com/bid/98036

ics-cert.us-cert.gov/advisories/ICSA-17-115-02

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

0.001

Percentile

45.6%

JSON

Related for CVE-2017-6042