Lucene search

IcscertCVE-2017-6044

HistoryJun 30, 2017 - 3:29 a.m.

CVE-2017-6044

2017-06-3003:29:00

CWE-285

CWE-306

icscert

web.nvd.nist.gov

cve-2017-6044

improper authorization

sierra wireless

airlink raven xe

airlink raven xt

security vulnerability

remote access

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.004

Percentile

75.1%

JSON

An Improper Authorization issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Several files and directories can be accessed without authentication, which may allow a remote attacker to perform sensitive functions including arbitrary file upload, file download, and device reboot.

Affected configurations

Nvd

Node

sierra_wirelessairlink_raven_xe_firmwareRange≤-

AND

sierra_wirelessairlink_raven_xeMatch-

Node

sierra_wirelessairlink_raven_xt_firmwareMatch-

AND

sierra_wirelessairlink_raven_xtMatch-

VendorProductVersionCPE
sierra_wirelessairlink_raven_xe_firmware*cpe:2.3:o:sierra_wireless:airlink_raven_xe_firmware:*:*:*:*:*:*:*:*
sierra_wirelessairlink_raven_xe-cpe:2.3:h:sierra_wireless:airlink_raven_xe:-:*:*:*:*:*:*:*
sierra_wirelessairlink_raven_xt_firmware-cpe:2.3:o:sierra_wireless:airlink_raven_xt_firmware:-:*:*:*:*:*:*:*
sierra_wirelessairlink_raven_xt-cpe:2.3:h:sierra_wireless:airlink_raven_xt:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sierra_wireless	airlink_raven_xe_firmware	*	cpe:2.3:o:sierra_wireless:airlink_raven_xe_firmware::::::::
sierra_wireless	airlink_raven_xe	-	cpe:2.3:h:sierra_wireless:airlink_raven_xe:-:::::::*
sierra_wireless	airlink_raven_xt_firmware	-	cpe:2.3:o:sierra_wireless:airlink_raven_xt_firmware:-:::::::*
sierra_wireless	airlink_raven_xt	-	cpe:2.3:h:sierra_wireless:airlink_raven_xt:-:::::::*

CNA Affected

[
  {
    "product": "Sierra Wireless AirLink Raven XE and XT",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Sierra Wireless AirLink Raven XE and XT"
      }
    ]
  }
]

References

www.securityfocus.com/bid/98036

ics-cert.us-cert.gov/advisories/ICSA-17-115-02

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.004

Percentile

75.1%

JSON

Related for CVE-2017-6044