VAR-201606-0534
Vulnerability from variot - Updated: 2022-05-17 02:07- An attacker exploits a vulnerability to entice a user to visit a malicious link or download a malicious file. AirLink Raven XT and XE are Sierra Wireless's M2M gateways that provide remote monitoring and industrial application control. There is a credential-sniffing vulnerability in AirLink Raven XT and XE. An attacker can exploit this vulnerability to sniff credentials and log into the system. Sierra Wireless AirLink Raven XE and XT are wireless gateway products from Canada's Sierra Wireless. Sierra Wireless AirLink Raven XE and XT gateways are affected by the following vulnerabilities: 1. Arbitrary file upload vulnerability 2. Cross-site request forgery vulnerability 3. Information disclosure vulnerability. A remote attacker can use these vulnerabilities to upload arbitrary files, perform unauthorized operations, and obtain permissions and sensitive information about the affected device. A cross-site request-forgery and 3
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201606-0534",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wireless airlink raven xt",
"scope": null,
"trust": 1.8,
"vendor": "sierra",
"version": null
},
{
"model": "wireless airlink raven xe",
"scope": null,
"trust": 1.8,
"vendor": "sierra",
"version": null
},
{
"model": "wireless airlink raven xt",
"scope": "eq",
"trust": 0.6,
"vendor": "sierra",
"version": "*"
},
{
"model": "wireless airlink raven xe",
"scope": "eq",
"trust": 0.6,
"vendor": "sierra",
"version": "*"
},
{
"model": "wireless airlink raven xe and xt gateways",
"scope": null,
"trust": 0.6,
"vendor": "sierra",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "14d171d7-63a6-4b5b-a264-c300703c5fc6"
},
{
"db": "IVD",
"id": "872b27f5-afcd-42a2-8289-77a1ba20e71a"
},
{
"db": "IVD",
"id": "19fe5897-0f84-413e-922a-1dae606b02b8"
},
{
"db": "CNVD",
"id": "CNVD-2016-05232"
},
{
"db": "CNVD",
"id": "CNVD-2016-04488"
},
{
"db": "CNVD",
"id": "CNVD-2016-04487"
},
{
"db": "CNVD",
"id": "CNVD-2016-04489"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Karn Ganeshen",
"sources": [
{
"db": "BID",
"id": "91527"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-513"
}
],
"trust": 0.9
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-05232",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-04488",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-04487",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-04489",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "14d171d7-63a6-4b5b-a264-c300703c5fc6",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "872b27f5-afcd-42a2-8289-77a1ba20e71a",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "19fe5897-0f84-413e-922a-1dae606b02b8",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2016-05232",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2016-04488",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2016-04487",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2016-04489",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "14d171d7-63a6-4b5b-a264-c300703c5fc6",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "872b27f5-afcd-42a2-8289-77a1ba20e71a",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "19fe5897-0f84-413e-922a-1dae606b02b8",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "14d171d7-63a6-4b5b-a264-c300703c5fc6"
},
{
"db": "IVD",
"id": "872b27f5-afcd-42a2-8289-77a1ba20e71a"
},
{
"db": "IVD",
"id": "19fe5897-0f84-413e-922a-1dae606b02b8"
},
{
"db": "CNVD",
"id": "CNVD-2016-05232"
},
{
"db": "CNVD",
"id": "CNVD-2016-04488"
},
{
"db": "CNVD",
"id": "CNVD-2016-04487"
},
{
"db": "CNVD",
"id": "CNVD-2016-04489"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "1. An attacker exploits a vulnerability to entice a user to visit a malicious link or download a malicious file. AirLink Raven XT and XE are Sierra Wireless\u0027s M2M gateways that provide remote monitoring and industrial application control. There is a credential-sniffing vulnerability in AirLink Raven XT and XE. An attacker can exploit this vulnerability to sniff credentials and log into the system. Sierra Wireless AirLink Raven XE and XT are wireless gateway products from Canada\u0027s Sierra Wireless. \nSierra Wireless AirLink Raven XE and XT gateways are affected by the following vulnerabilities: 1. Arbitrary file upload vulnerability 2. Cross-site request forgery vulnerability 3. Information disclosure vulnerability. A remote attacker can use these vulnerabilities to upload arbitrary files, perform unauthorized operations, and obtain permissions and sensitive information about the affected device. A cross-site request-forgery and\n3",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-05232"
},
{
"db": "CNVD",
"id": "CNVD-2016-04488"
},
{
"db": "CNVD",
"id": "CNVD-2016-04487"
},
{
"db": "CNVD",
"id": "CNVD-2016-04489"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-513"
},
{
"db": "BID",
"id": "91527"
},
{
"db": "IVD",
"id": "14d171d7-63a6-4b5b-a264-c300703c5fc6"
},
{
"db": "IVD",
"id": "872b27f5-afcd-42a2-8289-77a1ba20e71a"
},
{
"db": "IVD",
"id": "19fe5897-0f84-413e-922a-1dae606b02b8"
}
],
"trust": 3.51
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-16-182-01",
"trust": 2.1
},
{
"db": "BID",
"id": "91527",
"trust": 1.5
},
{
"db": "CNVD",
"id": "CNVD-2016-04487",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2016-04488",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2016-04489",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2016-05232",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201607-513",
"trust": 0.6
},
{
"db": "IVD",
"id": "14D171D7-63A6-4B5B-A264-C300703C5FC6",
"trust": 0.2
},
{
"db": "IVD",
"id": "872B27F5-AFCD-42A2-8289-77A1BA20E71A",
"trust": 0.2
},
{
"db": "IVD",
"id": "19FE5897-0F84-413E-922A-1DAE606B02B8",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "14d171d7-63a6-4b5b-a264-c300703c5fc6"
},
{
"db": "IVD",
"id": "872b27f5-afcd-42a2-8289-77a1ba20e71a"
},
{
"db": "IVD",
"id": "19fe5897-0f84-413e-922a-1dae606b02b8"
},
{
"db": "CNVD",
"id": "CNVD-2016-05232"
},
{
"db": "CNVD",
"id": "CNVD-2016-04488"
},
{
"db": "CNVD",
"id": "CNVD-2016-04487"
},
{
"db": "CNVD",
"id": "CNVD-2016-04489"
},
{
"db": "BID",
"id": "91527"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-513"
}
]
},
"id": "VAR-201606-0534",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "14d171d7-63a6-4b5b-a264-c300703c5fc6"
},
{
"db": "IVD",
"id": "872b27f5-afcd-42a2-8289-77a1ba20e71a"
},
{
"db": "IVD",
"id": "19fe5897-0f84-413e-922a-1dae606b02b8"
},
{
"db": "CNVD",
"id": "CNVD-2016-05232"
},
{
"db": "CNVD",
"id": "CNVD-2016-04488"
},
{
"db": "CNVD",
"id": "CNVD-2016-04487"
},
{
"db": "CNVD",
"id": "CNVD-2016-04489"
}
],
"trust": 3.8245614
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 1.8
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "IVD",
"id": "14d171d7-63a6-4b5b-a264-c300703c5fc6"
},
{
"db": "IVD",
"id": "872b27f5-afcd-42a2-8289-77a1ba20e71a"
},
{
"db": "IVD",
"id": "19fe5897-0f84-413e-922a-1dae606b02b8"
},
{
"db": "CNVD",
"id": "CNVD-2016-05232"
},
{
"db": "CNVD",
"id": "CNVD-2016-04488"
},
{
"db": "CNVD",
"id": "CNVD-2016-04487"
},
{
"db": "CNVD",
"id": "CNVD-2016-04489"
}
]
},
"last_update_date": "2022-05-17T02:07:07.416000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "https://ics-cert.us-cert.gov/alerts/ics-alert-16-182-01"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/91527"
},
{
"trust": 0.3,
"url": "http://www.sierrawireless.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-05232"
},
{
"db": "CNVD",
"id": "CNVD-2016-04488"
},
{
"db": "CNVD",
"id": "CNVD-2016-04487"
},
{
"db": "CNVD",
"id": "CNVD-2016-04489"
},
{
"db": "BID",
"id": "91527"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-513"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "14d171d7-63a6-4b5b-a264-c300703c5fc6"
},
{
"db": "IVD",
"id": "872b27f5-afcd-42a2-8289-77a1ba20e71a"
},
{
"db": "IVD",
"id": "19fe5897-0f84-413e-922a-1dae606b02b8"
},
{
"db": "CNVD",
"id": "CNVD-2016-05232"
},
{
"db": "CNVD",
"id": "CNVD-2016-04488"
},
{
"db": "CNVD",
"id": "CNVD-2016-04487"
},
{
"db": "CNVD",
"id": "CNVD-2016-04489"
},
{
"db": "BID",
"id": "91527"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-513"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-06T00:00:00",
"db": "IVD",
"id": "14d171d7-63a6-4b5b-a264-c300703c5fc6"
},
{
"date": "2016-07-06T00:00:00",
"db": "IVD",
"id": "872b27f5-afcd-42a2-8289-77a1ba20e71a"
},
{
"date": "2016-07-06T00:00:00",
"db": "IVD",
"id": "19fe5897-0f84-413e-922a-1dae606b02b8"
},
{
"date": "2016-07-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-05232"
},
{
"date": "2016-07-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-04488"
},
{
"date": "2016-07-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-04487"
},
{
"date": "2016-07-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-04489"
},
{
"date": "2016-06-30T00:00:00",
"db": "BID",
"id": "91527"
},
{
"date": "2016-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-513"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-05232"
},
{
"date": "2016-07-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-04488"
},
{
"date": "2016-07-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-04487"
},
{
"date": "2016-07-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-04489"
},
{
"date": "2016-06-30T00:00:00",
"db": "BID",
"id": "91527"
},
{
"date": "2016-07-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-513"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-513"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sierra Wireless AirLink Raven XE/XT Cross-Site Request Forgery Vulnerability",
"sources": [
{
"db": "IVD",
"id": "872b27f5-afcd-42a2-8289-77a1ba20e71a"
},
{
"db": "CNVD",
"id": "CNVD-2016-04488"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-513"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.