Vulnerability Description
An Improper Authorization issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Several files and directories can be accessed without authentication, which may allow a remote attacker to perform sensitive functions including arbitrary file upload, file download, and device reboot.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sierra Wireless | Airlink Raven Xe Firmware | <= - |
| Sierra Wireless | Airlink Raven Xe | - |
| Sierra Wireless | Airlink Raven Xt Firmware | - |
| Sierra Wireless | Airlink Raven Xt | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/98036Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-17-115-02Third Party AdvisoryUS Government ResourceVDB Entry
- http://www.securityfocus.com/bid/98036Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-17-115-02Third Party AdvisoryUS Government ResourceVDB Entry
FAQ
What is CVE-2017-6044?
CVE-2017-6044 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An Improper Authorization issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Several files and directories can ...
How severe is CVE-2017-6044?
CVE-2017-6044 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-6044?
Check the references section above for vendor advisories and patch information. Affected products include: Sierra Wireless Airlink Raven Xe Firmware, Sierra Wireless Airlink Raven Xe, Sierra Wireless Airlink Raven Xt Firmware, Sierra Wireless Airlink Raven Xt.