Lucene search

[email protected]NVD:CVE-2017-15043

HistoryMay 04, 2018 - 8:29 p.m.

CVE-2017-15043

2018-05-0420:29:00

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

51.5%

JSON

A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.5 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9 could allow an authenticated remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. This vulnerability is due to insufficient input validation on user-controlled input in an HTTP request to the targeted device. An attacker in possession of router login credentials could exploit this vulnerability by sending a crafted HTTP request to an affected system.

Affected configurations

Nvd

Node

sierrawirelessgx440_firmwareRange<4.4.5

AND

sierrawirelessgx440Match-

Node

sierrawirelesses440_firmwareRange<4.4.5

AND

sierrawirelesses440Match-

Node

sierrawirelessls300_firmwareRange<4.4.5

AND

sierrawirelessls300Match-

Node

sierrawirelessgx400_firmwareRange<4.4.5

AND

sierrawirelessgx400Match-

Node

sierrawirelesses450_firmwareRange<4.9

AND

sierrawirelesses450Match-

Node

sierrawirelessrv50_firmwareRange<4.9

AND

sierrawirelessrv50Match-

Node

sierrawirelessrv50x_firmwareRange<4.9

AND

sierrawirelessrv50xMatch-

Node

sierrawirelessmp70_firmwareRange<4.9

AND

sierrawirelessmp70Match-

Node

sierrawirelessmp70e_firmwareRange<4.9

AND

sierrawirelessmp70eMatch-

Node

sierrawirelessgx450_firmwareRange<4.9

AND

sierrawirelessgx450Match-

VendorProductVersionCPE
sierrawirelessgx440_firmware*cpe:2.3:o:sierrawireless:gx440_firmware:*:*:*:*:*:*:*:*
sierrawirelessgx440-cpe:2.3:h:sierrawireless:gx440:-:*:*:*:*:*:*:*
sierrawirelesses440_firmware*cpe:2.3:o:sierrawireless:es440_firmware:*:*:*:*:*:*:*:*
sierrawirelesses440-cpe:2.3:h:sierrawireless:es440:-:*:*:*:*:*:*:*
sierrawirelessls300_firmware*cpe:2.3:o:sierrawireless:ls300_firmware:*:*:*:*:*:*:*:*
sierrawirelessls300-cpe:2.3:h:sierrawireless:ls300:-:*:*:*:*:*:*:*
sierrawirelessgx400_firmware*cpe:2.3:o:sierrawireless:gx400_firmware:*:*:*:*:*:*:*:*
sierrawirelessgx400-cpe:2.3:h:sierrawireless:gx400:-:*:*:*:*:*:*:*
sierrawirelesses450_firmware*cpe:2.3:o:sierrawireless:es450_firmware:*:*:*:*:*:*:*:*
sierrawirelesses450-cpe:2.3:h:sierrawireless:es450:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sierrawireless	gx440_firmware	*	cpe:2.3:o:sierrawireless:gx440_firmware::::::::
sierrawireless	gx440	-	cpe:2.3:h:sierrawireless:gx440:-:::::::*
sierrawireless	es440_firmware	*	cpe:2.3:o:sierrawireless:es440_firmware::::::::
sierrawireless	es440	-	cpe:2.3:h:sierrawireless:es440:-:::::::*
sierrawireless	ls300_firmware	*	cpe:2.3:o:sierrawireless:ls300_firmware::::::::
sierrawireless	ls300	-	cpe:2.3:h:sierrawireless:ls300:-:::::::*
sierrawireless	gx400_firmware	*	cpe:2.3:o:sierrawireless:gx400_firmware::::::::
sierrawireless	gx400	-	cpe:2.3:h:sierrawireless:gx400:-:::::::*
sierrawireless	es450_firmware	*	cpe:2.3:o:sierrawireless:es450_firmware::::::::
sierrawireless	es450	-	cpe:2.3:h:sierrawireless:es450:-:::::::*

Rows per page:

1-10 of 201

References

source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/swi-psa-2018-003-technical-bulletin-reaper/

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

51.5%

JSON

Related for NVD:CVE-2017-15043

prion1 cvelist1 cve1 threatpost1