CVE-2018-4066

Related Files

Sierra Wireless AirLink ES450 ACEManager Cross Site Request Forgery

Posted Apr 26, 2019

Authored by Cisco Talos, Jared Rittle, Carl Hurd | Site talosintelligence.com

An exploitable cross-site request forgery vulnerability exists in the ACEManager functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an authenticated user to perform privileged requests unknowingly, resulting in unauthenticated requests being requested through an authenticated user. An attacker can get an authenticated user to request authenticated pages on the attacker's behalf to trigger this vulnerability.

tags | exploit, web, csrf

advisories | CVE-2018-4066

SHA-256 | 7446e3c936f9c136b678adfb1f9ae27d1dee0b2057e87e5de249142841de43f3

Download | Favorite | View