{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-30T03:10:25.500","vulnerabilities":[{"cve":{"id":"CVE-2017-6042","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-06-30T03:29:00.593","lastModified":"2025-04-20T01:37:25.860","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A Cross-Site Request Forgery issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Affected devices do not verify if a request was intentionally sent by the logged-in user, which may allow an attacker to trick a client into making an unintentional request to the web server that will be treated as an authentic request."},{"lang":"es","value":"Se ha descubierto un problema de Cross-Site Request Forgery (CSRF) en Sierra Wireless AirLink Raven XE, en todas las versiones anteriores a la 4.0.14, y en AirLink Raven XT, en todas las versiones anteriores a la 4.0.11. Los dispositivos afectados no verifican si una petición fue intencionadamente enviada por el usuario que ha iniciado sesión, lo que podría permitir que un atacante engañe a un cliente para que realice una petición no intencionada al servidor web que será tratada como petición auténtica."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sierra_wireless:airlink_raven_xe_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"-","matchCriteriaId":"BBD39D07-982E-4B1A-910C-76190E77665C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sierra_wireless:airlink_raven_xe:-:*:*:*:*:*:*:*","matchCriteriaId":"F96F360C-3F60-462E-92A3-EE44E3624CCE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sierra_wireless:airlink_raven_xt_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"3AF87F04-D3EC-49B7-BDD7-9FCE2324B051"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sierra_wireless:airlink_raven_xt:-:*:*:*:*:*:*:*","matchCriteriaId":"4D81786F-6C77-42F1-ADDF-594B8D53584F"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/98036","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-115-02","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/98036","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-115-02","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource","VDB Entry"]}]}}]}