{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T15:58:03.745","vulnerabilities":[{"cve":{"id":"CVE-2018-4073","sourceIdentifier":"talos-cna@cisco.com","published":"2019-05-06T19:29:01.090","lastModified":"2024-11-21T04:06:42.050","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The the binary the endpoint /cgi-bin/Embeded_Ace_TLSet_Task.cgi is a very similar endpoint that is designed for use with setting table values that can cause an arbitrary setting writes, resulting in the unverified changes to any system setting. An attacker can make an authenticated HTTP request, or run the binary as any user, to trigger this vulnerability."},{"lang":"es","value":"Existe una vulnerabilidad explotable de Asignación de Permisos en la funcionalidad de ACEManager EmbeddedAceSet_Task.cgi de Sierra Wireless AirLink ES450 FW 4.9.3. El binario del endpoint /cgi-bin/Embeded_Ace_TLSet_Task.cgi es muy similar al endpoint que está diseñado para usar la tabla de valores de configuración que puede causar la escritura de ajustes aleatorios, resultando en cambios no verificados en cualquier configuración del sistema. Un atacante puede realizar una petición HTTP autenticada, o ejecutar el binario como cualquier usuario, para activar esta vulnerabilidad."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-732"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sierrawireless:airlink_es450_firmware:4.9.3:*:*:*:*:*:*:*","matchCriteriaId":"1B67419F-92AF-48DF-873D-F9E0190BFFD0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sierrawireless:airlink_es450:-:*:*:*:*:*:*:*","matchCriteriaId":"3E042BE5-9B2E-42B9-B455-FDB35251B0A6"}]}]}],"references":[{"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2018-0756","source":"talos-cna@cisco.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2018-0756","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}