CVE-2018-4062

{"id": "CVE-2018-4062", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "published": "2019-05-06T19:29:00.577", "references": [{"url": "http://packetstormsecurity.com/files/152647/Sierra-Wireless-AirLink-ES450-SNMPD-Hard-Coded-Credentials.html", "tags": ["Exploit", "VDB Entry", "Third Party Advisory"], "source": "talos-cna@cisco.com"}, {"url": "http://www.securityfocus.com/bid/108147", "tags": ["Third Party Advisory", "VDB Entry"], "source": "talos-cna@cisco.com"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03", "tags": ["Third Party Advisory", "VDB Entry"], "source": "talos-cna@cisco.com"}, {"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0747", "tags": ["Exploit", "Third Party Advisory"], "source": "talos-cna@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "A hard-coded credentials vulnerability exists in the snmpd function of the Sierra Wireless AirLink ES450 FW 4.9.3. Activating snmpd outside of the WebUI can cause the activation of the hard-coded credentials, resulting in the exposure of a privileged user. An attacker can activate snmpd without any configuration changes to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad de credenciales embebidas en la funci\u00f3n snmpd del Sierra Wireless AirLink ES450 FW 4.9.3. La activaci\u00f3n de snmpd fuera de la interfaz WebUI puede causar la activaci\u00f3n de las credenciales embebidas, que dar\u00e1 como resultado la exposici\u00f3n de un usuario privilegiado. Un atacante puede activar snmpd sin ning\u00fan cambio de configuraci\u00f3n para desencadenar esta vulnerabilidad."}], "lastModified": "2019-05-08T17:03:19.923", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sierrawireless:airlink_es450_firmware:4.9.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B67419F-92AF-48DF-873D-F9E0190BFFD0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sierrawireless:airlink_es450:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3E042BE5-9B2E-42B9-B455-FDB35251B0A6"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "talos-cna@cisco.com"}