{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-14T17:58:27.546","vulnerabilities":[{"cve":{"id":"CVE-2018-4066","sourceIdentifier":"talos-cna@cisco.com","published":"2019-05-06T19:29:00.763","lastModified":"2024-11-21T04:06:40.910","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An exploitable cross-site request forgery vulnerability exists in the ACEManager functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an authenticated user to perform privileged requests unknowingly, resulting in unauthenticated requests being requested through an authenticated user. An attacker can get an authenticated user to request authenticated pages on the attacker's behalf to trigger this vulnerability."},{"lang":"es","value":"En la funcionalidad del ACEManager de Sierra Wireless AirLink ES450 FW 4.9.3 existe una vulnerabilidad explotable de CSRF. Una solicitud HTTP especialmente diseñada puede hacer que un usuario autenticado realice solicitudes privilegiadas sin saberlo, lo que provoca que se realicen solicitudes no autenticadas a través de un usuario autenticado. Un atacante puede conseguir que un usuario autenticado solicite páginas autenticadas en nombre del atacante para activar esta vulnerabilidad."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:H\/I:H\/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N\/AC:M\/Au:N\/C:P\/I:P\/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"talos-cna@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sierrawireless:airlink_es450_firmware:4.9.3:*:*:*:*:*:*:*","matchCriteriaId":"1B67419F-92AF-48DF-873D-F9E0190BFFD0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sierrawireless:airlink_es450:-:*:*:*:*:*:*:*","matchCriteriaId":"3E042BE5-9B2E-42B9-B455-FDB35251B0A6"}]}]}],"references":[{"url":"http:\/\/packetstormsecurity.com\/files\/152651\/Sierra-Wireless-AirLink-ES450-ACEManager-Cross-Site-Request-Forgery.html","source":"talos-cna@cisco.com"},{"url":"http:\/\/www.securityfocus.com\/bid\/108147","source":"talos-cna@cisco.com"},{"url":"https:\/\/ics-cert.us-cert.gov\/advisories\/ICSA-19-122-03","source":"talos-cna@cisco.com"},{"url":"https:\/\/talosintelligence.com\/vulnerability_reports\/TALOS-2018-0751","source":"talos-cna@cisco.com","tags":["Exploit","Third Party Advisory"]},{"url":"http:\/\/packetstormsecurity.com\/files\/152651\/Sierra-Wireless-AirLink-ES450-ACEManager-Cross-Site-Request-Forgery.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http:\/\/www.securityfocus.com\/bid\/108147","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https:\/\/ics-cert.us-cert.gov\/advisories\/ICSA-19-122-03","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https:\/\/talosintelligence.com\/vulnerability_reports\/TALOS-2018-0751","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}