CVE-2017-6042

Published: Jun 30, 2017Modified: May 13, 2026

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A Cross-Site Request Forgery issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Affected devices do not verify if a request was intentionally sent by the logged-in user, which may allow an attacker to trick a client into making an unintentional request to the web server that will be treated as an authentic request.

Affected (2)

Products: Sierra Wireless: Airlink Raven Xe Firmware, Airlink Raven Xt Firmware

Sierra Wireless

2 products

Airlink Raven Xe Firmware

Airlink Raven Xt Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Sierra Wireless Airlink Raven Xe Firmware	Up to -

Running on/with	Platform Versions
Sierra Wireless Airlink Raven Xe	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Sierra Wireless Airlink Raven Xt Firmware	All versions

Running on/with	Platform Versions
Sierra Wireless Airlink Raven Xt	All versions

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

http://www.securityfocus.com/bid/98036

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-17-115-02

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government ResourceVDB Entry

http://www.securityfocus.com/bid/98036

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-17-115-02

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government ResourceVDB Entry

Timeline

No history available yet.