A nonce reuse vulnerability exists in the ACEView service of ALEOS before 4.13.0, 4.9.5, and 4.4.9 allowing message replay. Captured traffic to the ACEView service can be replayed to other gateways sharing the same credentials.
References
Link | Resource |
---|---|
https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2020-004/ | Vendor Advisory |
Information
Published : 2020-08-21 19:15
Updated : 2024-02-28 17:47
NVD link : CVE-2019-11856
Mitre link : CVE-2019-11856
CVE.ORG link : CVE-2019-11856
Products Affected
sierrawireless
- airlink_mp70
- airlink_es440
- airlink_gx400
- airlink_mp70e
- airlink_lx40
- airlink_rv50
- airlink_gx440
- airlink_ls300
- airlink_es450
- airlink_gx450
- airlink_rv50x
- airlink_lx60
- aleos
CWE
CWE-294
Authentication Bypass by Capture-replay