Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Aleos Security Vulnerabilities - 2020

cve
cve

CVE-2019-11847

An improper privilege management vulnerabitlity exists in ALEOS before 4.11.0, 4.9.4 and 4.4.9. An authenticated user can escalate to root via the command shell.

7.8CVSS

7.7AI Score

0.002EPSS

2020-08-21 07:15 PM
40
cve
cve

CVE-2019-11848

An API abuse vulnerability exists in the AT command API of ALEOS before 4.13.0, 4.9.5, 4.4.9 due to lack of length checking when handling certain user-provided values.

7.2CVSS

7AI Score

0.001EPSS

2020-08-21 07:15 PM
46
cve
cve

CVE-2019-11849

A stack overflow vulnerabiltity exists in the AT command APIs of ALEOS before 4.11.0. The vulnerability may allow code execution.

6.7CVSS

7AI Score

0.0005EPSS

2020-08-21 07:15 PM
33
cve
cve

CVE-2019-11850

A stack overflow vulnerabiltity exist in the AT command interface of ALEOS before 4.11.0. The vulnerability may allow code execution

6.7CVSS

7AI Score

0.0005EPSS

2020-08-21 07:15 PM
41
cve
cve

CVE-2019-11852

An out-of-bounds reads vulnerability exists in the ACEView Service of ALEOS before 4.13.0, 4.9.5, and 4.4.9. Sensitive information may be disclosed via the ACEviewservice, accessible by default on the LAN.

9.1CVSS

8.9AI Score

0.002EPSS

2020-08-21 07:15 PM
42
cve
cve

CVE-2019-11853

Several potential command injections vulnerabilities exist in the AT command interface of ALEOS before 4.11.0, and 4.9.4.

7.2CVSS

7.2AI Score

0.001EPSS

2020-08-21 07:15 PM
37
cve
cve

CVE-2019-11855

An RPC server is enabled by default on the gateway's LAN of ALEOS before 4.12.0, 4.9.5, and 4.4.9.

9.8CVSS

9.4AI Score

0.002EPSS

2020-08-21 07:15 PM
36
cve
cve

CVE-2019-11856

A nonce reuse vulnerability exists in the ACEView service of ALEOS before 4.13.0, 4.9.5, and 4.4.9 allowing message replay. Captured traffic to the ACEView service can be replayed to other gateways sharing the same credentials.

3.8CVSS

4.4AI Score

0.001EPSS

2020-08-21 07:15 PM
34
cve
cve

CVE-2019-11857

Lack of input sanitization in AceManager of ALEOS before 4.12.0, 4.9.5 and 4.4.9 allows disclosure of sensitive system information.

9.1CVSS

5.1AI Score

0.001EPSS

2020-08-21 07:15 PM
37
cve
cve

CVE-2019-11858

Multiple buffer overflow vulnerabilities exist in the AceManager Web API of ALEOS before 4.13.0, 4.9.5, and 4.4.9.

7.2CVSS

7.3AI Score

0.001EPSS

2020-08-21 07:15 PM
34
cve
cve

CVE-2019-11859

A buffer overflow exists in the SMS handler API of ALEOS before 4.13.0, 4.9.5, 4.9.4 that may allow code execution as root.

8.8CVSS

9AI Score

0.001EPSS

2020-08-21 07:15 PM
40
cve
cve

CVE-2019-11862

The SSH service on ALEOS before 4.12.0, 4.9.5, 4.4.9 allows traffic proxying.

8.4CVSS

8.3AI Score

0.001EPSS

2020-08-21 07:15 PM
33
cve
cve

CVE-2020-8781

Lack of input sanitization in UpdateRebootMgr service of ALEOS 4.11 and later allow an escalation to root from a low-privilege process.

7.8CVSS

7.7AI Score

0.0005EPSS

2020-10-06 02:15 PM
25
cve
cve

CVE-2020-8782

Unauthenticated RPC server on ALEOS before 4.4.9, 4.9.5, and 4.14.0 allows remote code execution.

9.8CVSS

9.7AI Score

0.007EPSS

2020-10-06 02:15 PM
28