Vulnerability Description
Sierra Wireless ALEOS before 4.4.2 on AirLink ES, GX, and LS devices has hardcoded root accounts, which makes it easier for remote attackers to obtain administrative access via a (1) SSH or (2) TELNET session.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sierra Wireless | ALEOS | <= 4.4.1 |
| Sierra Wireless | AirLink ES440 | All versions |
| Sierra Wireless | AirLink ES450 | All versions |
| Sierra Wireless | AirLink GX440 | All versions |
| Sierra Wireless | AirLink GX450 | All versions |
| Sierra Wireless | AirLink LS300 | All versions |
Related Weaknesses (CWE)
References
- http://www.kb.cert.org/vuls/id/628568 (Third Party Advisory, US Government Resource)
FAQ
What is CVE-2015-2897?
CVE-2015-2897 is a vulnerability with a CVSS score of 10.0 (HIGH). Sierra Wireless ALEOS before 4.4.2 on AirLink ES, GX, and LS devices has hardcoded root accounts, which makes it easier for remote attackers to obtain administrative access via a (1) SSH or (2) TELNET...
How severe is CVE-2015-2897?
CVE-2015-2897 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2015-2897?
Check the references section above for vendor advisories and patch information. Affected products include: Sierra Wireless ALEOS, Sierra Wireless AirLink ES440, Sierra Wireless AirLink ES450, Sierra Wireless AirLink GX440, Sierra Wireless AirLink GX450.