CVE-2018-4072

An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSetTask.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The EmbeddedAceSetTask.cgi executable is used to change MSCII configuration values within the configuration manager of the AirLink ES450. Thi...

Design/Logic Flaw

An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSetTask.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The EmbeddedAceSetTask.cgi executable is used to change MSCII configuration values within the configuration manager of the AirLink ES450. Thi...

CVE-2018-4073

Concisely: CVE-2018-4073 affects Sierra Wireless AirLink ES450 (and related GX450) running FW 4.9.3, involving Embedded_Ace_Set_Task.cgi/Embedded_Ace_TLSet_Task.cgi in ACEManager. The flaw enables an authenticated user (or an attacker who can access via SSH) to perform arbitrary setting writes, e...

CVE-2018-4072

The CVE-2018-4072 vulnerability affects Sierra Wireless AirLink ES450 running FW 4.9.3, in the ACEManager EmbeddedAceSet_Task.cgi component. Affected by a permission-assignment flaw that allows an authenticated user to modify configuration values via the /cgi-bin/Embedded_Ace_Set_Task.cgi endpoin...

Sierra Wireless AirLink ES450 ACEManager Embedded_Ace_Set_Task.cgi Permission Assignment

Talos Vulnerability Report TALOS-2018-0756 Sierra Wireless AirLink ES450 ACEManager EmbeddedAceSetTask.cgi Permission Assignment Vulnerability April 25, 2019 CVE Number CVE-2018-4072, CVE-2018-4073 Summary An exploitable Permission Assignment vulnerability exists in the ACEManager...