CVE-2017-6044

Published Jun 30, 2017

Last updated 21 days ago

CVSS critical 9.8

Overview

Description: An Improper Authorization issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Several files and directories can be accessed without authentication, which may allow a remote attacker to perform sensitive functions including arbitrary file upload, file download, and device reboot.
Source: ics-cert@hq.dhs.gov
NVD status: Deferred

Risk scores

CVSS 3.0

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

ics-cert@hq.dhs.gov: CWE-285
nvd@nist.gov: CWE-306

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:sierra_wireless:airlink_raven_xe_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BBD39D07-982E-4B1A-910C-76190E77665C",
            "versionEndIncluding": "-"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:sierra_wireless:airlink_raven_xe:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F96F360C-3F60-462E-92A3-EE44E3624CCE"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:sierra_wireless:airlink_raven_xt_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3AF87F04-D3EC-49B7-BDD7-9FCE2324B051"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:sierra_wireless:airlink_raven_xt:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4D81786F-6C77-42F1-ADDF-594B8D53584F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References