CVE-2023-31279 HIGH

CVE-2023-31279: Improper Authentication

Vendor Sierra Wireless
Product AirVantage, AirVantage-Capable Devices: All Sierra Wireless devices.
Weakness CWE-287 · Improper authentication
Published December 20, 2024
Last update December 24, 2024

CVSS base score

8.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

What the vulnerability does

01Description

The AirVantage platform is vulnerable to an unauthorized attacker registering previously unregistered devices on the AirVantage platform when the owner has not disabled the AirVantage Management Service on the devices or registered the device. This could enable an attacker to configure, manage, and execute AT commands on an unsuspecting user’s devices.

Key dates

02Disclosure timeline

December 20, 2024 CVE published
December 24, 2024 Record updated