CVE-2013-2819

Published Jan 15, 2014

Last updated 11 years ago

Overview

Description: The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to install Trojan horse firmware by leveraging cleartext credentials in a crafted (1) update or (2) reprogramming action.
Source: ics-cert@hq.dhs.gov
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-255

Hype score: Not currently trending

Evaluator

Comment: Per: http://www.sierrawireless.com/resources/support/airlink/docs/raven%20security%20vulnerability%202014-01-10.pdf "Products affected by this vulnerability include the Raven X, Raven XE, Raven XT, PinPoint X, PinPoint XT and MP Products."
Impact: -
Solution: -

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:sierrawireless:raven_x_ev-do_firmware:4221_4.0.11.003:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6598EB85-9308-4C86-B99A-86DBD10B2891"
          },
          {
            "criteria": "cpe:2.3:o:sierrawireless:raven_x_ev-do_firmware:4228_4.0.11.003:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "54E7B1E7-CB00-4782-A43C-3FF5EEFE64D6"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:sierrawireless:airlink_mp_at\\&t:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53755BE2-114E-4653-AFC2-821B00EC4FFA"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:airlink_mp_at\\&t_wifi:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CBB741FE-9052-419A-B9D3-0884C2ACBDC4"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:airlink_mp_bell:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "786A6F41-D31E-43C5-B8DD-DE067E9539B5"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:airlink_mp_bell_wifi:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "58A53D52-FEA3-4846-90D9-9F1798079EED"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:airlink_mp_row:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6582EBFD-F674-4875-8C25-7C34A23C5D77"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:airlink_mp_row_wifi:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AB939927-FA4F-40FE-A0DD-FF07A7D632F4"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:airlink_mp_sprint:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "98A8359A-F306-43F9-A493-A84E83392CDC"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:airlink_mp_sprint_wifi:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1668778A-D804-4D84-9A31-F7EE54BD415A"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:airlink_mp_telus:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4403EE5A-CE5F-44EC-B5C6-2374889D79FD"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:airlink_mp_telus_wifi:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EF1FCBA7-05A8-4591-8A5E-E1BE168E15F5"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:airlink_mp_verizon:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A9093B6C-A10F-4149-BF20-F7732B4EE3FF"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:airlink_mp_verizon_wifi:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B52509FC-B6F6-4F3C-BC8E-E85684762C90"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:pinpoint_x:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4227E6F-284F-4EDF-86CA-C4AD704C04AD"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:pinpoint_xt:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B07D5090-3307-4EAD-B4B4-1F0C72DE1638"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:raven_x:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "50D6F983-72E5-4DF7-9F09-06BDE2C17C18"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:raven_x_ev-do:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2BE2ACC6-8F72-43D2-8717-BE5B9D84D913"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:raven_xe:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0070BC42-877D-4B86-9F72-7241E104480A"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:raven_xt:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C33F271D-81BD-4B66-9EF6-6BEFA9C775A9"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Evaluator

Configurations

References