CVE-2023-31280

{"id": "CVE-2023-31280", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@sierrawireless.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-12-21T00:15:27.603", "references": [{"url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-002/", "source": "security@sierrawireless.com"}], "vulnStatus": "Received", "weaknesses": [{"type": "Secondary", "source": "security@sierrawireless.com", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "An AirVantage online Warranty Checker tool vulnerability could allow an attacker to \nperform bulk enumeration of IMEI and Serial Numbers pairs. The AirVantage Warranty Checker is updated to no longer return the IMEI and Serial \nNumber in addition to the warranty status when the Serial Number or IMEI is used to look up \nwarranty status."}], "lastModified": "2024-12-21T00:15:27.603", "sourceIdentifier": "security@sierrawireless.com"}