Vulnerability Spotlight: Multiple vulnerabilities in Sierra Wireless AirLink ES450
April 25, 2019 at 11:53 pm IST
Share
Threat Research
Vulnerability Spotlight: Multiple vulnerabilities in Sierra Wireless AirLink ES450
Carl Hurd and Jared Rittle of Cisco Talos discovered these vulnerabilities.
Executive summary
Several exploitable vulnerabilities exist in the Sierra Wireless AirLink ES450, an LTE gateway designed for distributed enterprise, such as retail point-of-sale or industrial control systems. These flaws present a number of attack vectors for a malicious actor, and could allow them to remotely execute code on the victim machine, change the administrator's password and expose user credentials, among other scenarios. The majority of these vulnerabilities exist in ACEManager, the web server included with the ES450. ACEManager is responsible for the majority of interactions on the device, including device reconfiguration, user authentication and certificate management.
In accordance with our coordinated disclosure policy, Cisco Talos worked with Sierra Wireless to ensure that these issues are resolved and that an update is available for affected customers.
Read More »
Share:
Attachments
Original document
Permalink
Disclaimer
Cisco Systems Inc. published this content on 25 April 2019 and is solely responsible for the information contained herein. Distributed by Public, unedited and unaltered, on 25 April 2019 18:22:09 UTC
Cisco Systems, Inc. is the world leader in designing, developing, and marketing Internet network equipment. Net sales break down by family of products and services as follows:
- network equipment (68.9%); switches and routers, technological software and systems (storage, Internet access, and security systems, wiring, gateways, connection interfaces and modules, etc.), etc.;
- services (24.3%): technical assistance, network design, execution, and integration services, etc.;
- security products (6.8%).
Net sales are distributed geographically as follows: Americas (58.7%), Europe/Middle East/Africa (26.6%) and Asia/Pacific (14.7%).