Vulnerability Spotlight: Multiple vulnerabilities in Sierra Wireless AirLink ES450

Carl Hurd and Jared Rittle of Cisco Talos discovered these vulnerabilities.

Executive summary

Several exploitable vulnerabilities exist in the Sierra Wireless AirLink ES450, an LTE gateway designed for distributed enterprise, such as retail point-of-sale or industrial control systems. These flaws present a number of attack vectors for a malicious actor, who could remotely execute code on the victim machine, change the administrator's password and expose user credentials, among other scenarios. Most of these vulnerabilities exist in ACEManager, the web server included with the ES450. ACEManager handles the majority of interactions on the device, including device reconfiguration, user authentication and certificate management.

In accordance with our coordinated disclosure policy, Cisco Talos worked with Sierra Wireless to ensure that these issues are resolved and that an update is available for affected customers.

Disclaimer

Cisco Systems Inc. published this content on 25 April 2019 and is solely responsible for the information contained herein. Distributed by Public, unedited and unaltered, on 25 April 2019 18:22:09 UTC