Lucene search

[email protected]NVD:CVE-2019-11852

HistoryAug 21, 2020 - 7:15 p.m.

CVE-2019-11852

2020-08-2119:15:11

CWE-125

[email protected]

web.nvd.nist.gov

out-of-bounds reads

aceview service

aleos

sensitive information

lan

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

AI Score

5.5

Confidence

High

EPSS

0.002

Percentile

60.7%

JSON

An out-of-bounds reads vulnerability exists in the ACEView Service of ALEOS before 4.13.0, 4.9.5, and 4.4.9. Sensitive information may be disclosed via the ACEviewservice, accessible by default on the LAN.

Affected configurations

Nvd

Node

sierrawirelessaleosRange<4.13.0

AND

sierrawirelessairlink_lx40Match-

sierrawirelessairlink_lx60Match-

sierrawirelessairlink_mp70Match-

sierrawirelessairlink_mp70eMatch-

sierrawirelessairlink_rv50Match-

sierrawirelessairlink_rv50xMatch-

Node

sierrawirelessaleosRange<4.9.5

AND

sierrawirelessairlink_es450Match-

sierrawirelessairlink_gx450Match-

Node

sierrawirelessaleosRange<4.4.9

AND

sierrawirelessairlink_es440Match-

sierrawirelessairlink_gx400Match-

sierrawirelessairlink_gx440Match-

sierrawirelessairlink_ls300Match-

VendorProductVersionCPE
sierrawirelessaleos*cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:*
sierrawirelessairlink_lx40-cpe:2.3:h:sierrawireless:airlink_lx40:-:*:*:*:*:*:*:*
sierrawirelessairlink_lx60-cpe:2.3:h:sierrawireless:airlink_lx60:-:*:*:*:*:*:*:*
sierrawirelessairlink_mp70-cpe:2.3:h:sierrawireless:airlink_mp70:-:*:*:*:*:*:*:*
sierrawirelessairlink_mp70e-cpe:2.3:h:sierrawireless:airlink_mp70e:-:*:*:*:*:*:*:*
sierrawirelessairlink_rv50-cpe:2.3:h:sierrawireless:airlink_rv50:-:*:*:*:*:*:*:*
sierrawirelessairlink_rv50x-cpe:2.3:h:sierrawireless:airlink_rv50x:-:*:*:*:*:*:*:*
sierrawirelessairlink_es450-cpe:2.3:h:sierrawireless:airlink_es450:-:*:*:*:*:*:*:*
sierrawirelessairlink_gx450-cpe:2.3:h:sierrawireless:airlink_gx450:-:*:*:*:*:*:*:*
sierrawirelessairlink_es440-cpe:2.3:h:sierrawireless:airlink_es440:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sierrawireless	aleos	*	cpe:2.3:o:sierrawireless:aleos::::::::
sierrawireless	airlink_lx40	-	cpe:2.3:h:sierrawireless:airlink_lx40:-:::::::*
sierrawireless	airlink_lx60	-	cpe:2.3:h:sierrawireless:airlink_lx60:-:::::::*
sierrawireless	airlink_mp70	-	cpe:2.3:h:sierrawireless:airlink_mp70:-:::::::*
sierrawireless	airlink_mp70e	-	cpe:2.3:h:sierrawireless:airlink_mp70e:-:::::::*
sierrawireless	airlink_rv50	-	cpe:2.3:h:sierrawireless:airlink_rv50:-:::::::*
sierrawireless	airlink_rv50x	-	cpe:2.3:h:sierrawireless:airlink_rv50x:-:::::::*
sierrawireless	airlink_es450	-	cpe:2.3:h:sierrawireless:airlink_es450:-:::::::*
sierrawireless	airlink_gx450	-	cpe:2.3:h:sierrawireless:airlink_gx450:-:::::::*
sierrawireless	airlink_es440	-	cpe:2.3:h:sierrawireless:airlink_es440:-:::::::*

Rows per page:

1-10 of 131

References

source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2020-004/

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

AI Score

5.5

Confidence

High

EPSS

0.002

Percentile

60.7%

JSON

Related for NVD:CVE-2019-11852

prion1 cve1 cvelist1