CSRF in Sierra Wireless
CVE-2018-4066
An exploitable cross-site request forgery vulnerability exists in the ACEManager functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an authenticated user to perform privileged requests unkno…
Vulnerability class: CSRF (Cross-Site Request Forgery)
EPSS: 0.677 (98.6th percentile)
Affected products
- N/a Sierra Wireless — versions Sierra Wireless AirLink ES450 FW 4.9.3
References
- packetstormsecurity.com/files/152651/Sierra-Wireless-AirLink-ES450-ACEManager-C… (x_refsource_MISC)
- ics-cert.us-cert.gov/advisories/ICSA-19-122-03 (x_refsource_MISC)
- 108147 (vdb-entry, x_refsource_BID)
- talosintelligence.com/vulnerability_reports/TALOS-2018-0751 (x_refsource_MISC)