CVE-2017-15043 — HIGH (8.8)

Q: How severe is CVE-2017-15043?

CVE-2017-15043 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-15043?

Check the references section above for vendor advisories and patch information. Affected products include: Sierrawireless Gx440 Firmware, Sierrawireless Gx440, Sierrawireless Es440 Firmware, Sierrawireless Es440, Sierrawireless Ls300 Firmware.

Vulnerability Description

A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.5 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9 could allow an authenticated remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. This vulnerability is due to insufficient input validation on user-controlled input in an HTTP request to the targeted device. An attacker in possession of router login credentials could exploit this vulnerability by sending a crafted HTTP request to an affected system.

CVSS Score

8.8

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Sierrawireless	Gx440 Firmware	< 4.4.5
Sierrawireless	Gx440	-
Sierrawireless	Es440 Firmware	< 4.4.5
Sierrawireless	Es440	-
Sierrawireless	Ls300 Firmware	< 4.4.5
Sierrawireless	Ls300	-
Sierrawireless	Gx400 Firmware	< 4.4.5
Sierrawireless	Gx400	-
Sierrawireless	Es450 Firmware	< 4.9
Sierrawireless	Es450	-
Sierrawireless	Rv50 Firmware	< 4.9
Sierrawireless	Rv50	-
Sierrawireless	Rv50X Firmware	< 4.9
Sierrawireless	Rv50X	-
Sierrawireless	Mp70 Firmware	< 4.9
Sierrawireless	Mp70	-
Sierrawireless	Mp70E Firmware	< 4.9
Sierrawireless	Mp70E	-
Sierrawireless	Gx450 Firmware	< 4.9
Sierrawireless	Gx450	-

Related Weaknesses (CWE)

CWE-20

References

https://source.sierrawireless.com/resources/airlink/software_reference_docs/techMitigationVendor Advisory
https://source.sierrawireless.com/resources/airlink/software_reference_docs/techMitigationVendor Advisory

FAQ

What is CVE-2017-15043?

CVE-2017-15043 is a vulnerability with a CVSS score of 8.8 (HIGH). A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.5 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9 could allow...

How severe is CVE-2017-15043?

CVE-2017-15043 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-15043?

Check the references section above for vendor advisories and patch information. Affected products include: Sierrawireless Gx440 Firmware, Sierrawireless Gx440, Sierrawireless Es440 Firmware, Sierrawireless Es440, Sierrawireless Ls300 Firmware.