|2017-04-25||Other||Sierra Wireless||Independent researcher Karn Ganeshen identified and publicly released vulnerabilities in the Sierra Wireless AirLink Raven XE an||N/A||CVE-2017-6044 CVE-2017-6042 CVE-2017-6046 ||N/A||N/A||N/A|
# Sierra Wireless AirLink Raven XE and XT
### VULNERABLE VENDOR
### VULNERABLE PRODUCT
AirLink Raven XE and XT
Independent researcher Karn Ganeshen identified and publicly released vulnerabilities in the Sierra Wireless AirLink Raven XE and XT Gateways prior to coordinating with ICS-CERT; however, the researcher did initially coordinate the identified vulnerabilities with the vendor.
### AFFECTED PRODUCTS
The following Sierra Wireless gateways are affected:
AirLink Raven XE, all versions prior to 4.0.14, and
AirLink Raven XT, all versions prior to 4.0.11.
Successful exploitation of these vulnerabilities may allow a remote attacker to perform unauthorized sensitive functions compromising the confidentiality, integrity, and availability of the affected system.
### VULNERABILITY OVERVIEW
IMPROPER AUTHORIZATION CWE-285
Several files and directories can be accessed without authentication, which may allow a remote attacker to perform sensitive functions including arbitrary file upload, file download, and device reboot.
CVE-2017-6044 has been assigned to this vulnerability.
A CVSS v3 base score of 10.0 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CROSS-SITE REQUEST FORGERY (CSRF) CWE-352
Affected devices do not verify if a request was intentionally sent by the logged-in user, which may allow an attacker to trick a client into making an unintentional request to the web server that will be treated as an authentic request.
CVE-2017-6042 has been assigned to this vulnerability.
A CVSS v3 base score of 8.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
INSUFFICIENTLY PROTECTED CREDENTIALS CWE-522
Sensitive information is insufficiently protected during transmission and vulnerable to sniffing, which could lead to information disclosure.
CVE-2017-6046 has been assigned to this vulnerability.
A CVSS v3 base score of 4.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)
Critical Infrastructure Sector(s): Critical Manufacturing, Energy
Countries/Areas Deployed: Worldwide
Company Headquarters Location: British Columbia, Canada
Sierra Wireless has released new firmware versions to address the forced browsing and cross-site request forgery vulnerabilities. Sierra Wireless reports that the insufficiently protected credentials vulnerability will not be addressed.
Sierra Wireless's Raven XE firmware Version 4.0.14, is available at the following location:
Sierra Wireless's Raven XT firmware Version 4.0.11, is available at the following location:
Sierra Wireless has released a Technical Bulletin, which is available at the following location:
For additional information about these vulnerabilities or the recommendations provided, please contact Sierra Wireless' security team at: