CVE-2019-11852

An out-of-bounds reads vulnerability exists in the ACEView Service of ALEOS before 4.13.0, 4.9.5, and 4.4.9. Sensitive information may be disclosed via the ACEviewservice, accessible by default on the LAN.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:*
OR cpe:2.3:h:sierrawireless:airlink_lx40:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:airlink_lx60:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:airlink_mp70:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:airlink_mp70e:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:airlink_rv50:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:airlink_rv50x:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:*
OR cpe:2.3:h:sierrawireless:airlink_es450:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:airlink_gx450:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:*
OR cpe:2.3:h:sierrawireless:airlink_es440:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:airlink_gx400:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:airlink_gx440:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:airlink_ls300:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:21

Type Values Removed Values Added
CVSS v2 : 6.4
v3 : 9.1
v2 : 6.4
v3 : 3.7
References () https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2020-004/ - Vendor Advisory () https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2020-004/ - Vendor Advisory

Information

Published : 2020-08-21 19:15

Updated : 2024-11-21 04:21


NVD link : CVE-2019-11852

Mitre link : CVE-2019-11852

CVE.ORG link : CVE-2019-11852


JSON object : View

Products Affected

sierrawireless

  • airlink_es440
  • airlink_gx440
  • airlink_gx450
  • aleos
  • airlink_lx40
  • airlink_mp70
  • airlink_es450
  • airlink_lx60
  • airlink_rv50x
  • airlink_rv50
  • airlink_ls300
  • airlink_gx400
  • airlink_mp70e
CWE
CWE-125

Out-of-bounds Read