CVE-2017-6046 - OpenCVE

An Insufficiently Protected Credentials issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Sensitive information is insufficiently protected during transmission and vulnerable to sniffing, which could lead to information disclosure.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Sierra Wireless	Airlink Raven Xt Firmware Airlink Raven Xt Airlink Raven Xe Firmware Airlink Raven Xe

Configuration 1 [-]

AND

cpe:2.3:o:sierra_wireless:airlink_raven_xe_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sierra_wireless:airlink_raven_xe:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:sierra_wireless:airlink_raven_xt_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sierra_wireless:airlink_raven_xt:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/98036	Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-115-02	Third Party Advisory US Government Resource VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2017-06-30T02:35:00

Updated: 2017-06-30T09:57:01

Reserved: 2017-02-16T00:00:00

Link: CVE-2017-6046

JSON object: View

NVD Information

Status : Modified

Published: 2017-06-30T03:29:00.657

Modified: 2019-10-09T23:28:37.997

Link: CVE-2017-6046

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Sierra Wireless AirLink Raven XE and XT", "vendor": "n/a", "versions": [{"status": "affected", "version": "Sierra Wireless AirLink Raven XE and XT"}]}], "datePublic": "2017-06-29T00:00:00", "descriptions": [{"lang": "en", "value": "An Insufficiently Protected Credentials issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Sensitive information is insufficiently protected during transmission and vulnerable to sniffing, which could lead to information disclosure."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-522", "description": "CWE-522", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2017-06-30T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-02"}, {"name": "98036", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/98036"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2017-6046", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Sierra Wireless AirLink Raven XE and XT", "version": {"version_data": [{"version_value": "Sierra Wireless AirLink Raven XE and XT"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An Insufficiently Protected Credentials issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Sensitive information is insufficiently protected during transmission and vulnerable to sniffing, which could lead to information disclosure."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-522"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-02"}, {"name": "98036", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98036"}]}}}}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2017-6046", "datePublished": "2017-06-30T02:35:00", "dateReserved": "2017-02-16T00:00:00", "dateUpdated": "2017-06-30T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sierra_wireless:airlink_raven_xe_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BBD39D07-982E-4B1A-910C-76190E77665C", "versionEndIncluding": "-", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sierra_wireless:airlink_raven_xe:-:*:*:*:*:*:*:*", "matchCriteriaId": "F96F360C-3F60-462E-92A3-EE44E3624CCE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sierra_wireless:airlink_raven_xt_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "3AF87F04-D3EC-49B7-BDD7-9FCE2324B051", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sierra_wireless:airlink_raven_xt:-:*:*:*:*:*:*:*", "matchCriteriaId": "4D81786F-6C77-42F1-ADDF-594B8D53584F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An Insufficiently Protected Credentials issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Sensitive information is insufficiently protected during transmission and vulnerable to sniffing, which could lead to information disclosure."}, {"lang": "es", "value": "Se ha descubierto un problema de credenciales insuficientemente protegidas en Sierra Wireless AirLink Raven XE, en todas las versiones anteriores a la 4.0.14, y en AirLink Raven XT, en todas las versiones anteriores a la 4.0.11. La informaci\u00f3n sensible se protege de forma insuficiente durante la transmisi\u00f3n y es vulnerable a rastreo, que podr\u00eda conducir a una divulgaci\u00f3n de informaci\u00f3n."}], "id": "CVE-2017-6046", "lastModified": "2019-10-09T23:28:37.997", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-06-30T03:29:00.657", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/98036"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource", "VDB Entry"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-522"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}