CVE-2019-11852

Published Aug 21, 2020

Last updated 3 years ago

CVSS critical 9.1

Overview

Description: An out-of-bounds reads vulnerability exists in the ACEView Service of ALEOS before 4.13.0, 4.9.5, and 4.4.9. Sensitive information may be disclosed via the ACEviewservice, accessible by default on the LAN.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.1
Impact score: 5.2
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 6.4
Impact score: 4.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-125

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C7366F7D-D49D-41BE-BB49-90F961A37A25",
            "versionEndExcluding": "4.13.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:sierrawireless:airlink_lx40:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C4CEDB07-37C9-444F-9670-1807E7C3E734"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:airlink_lx60:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "631F6248-DA94-4BF8-9F78-3636CBD67F2E"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:airlink_mp70:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3D40D05C-2C06-40D7-A060-AB695909E559"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:airlink_mp70e:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AD91027A-EFC8-4A29-B880-CE39D00DF86F"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:airlink_rv50:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "282D04AE-5657-42C6-9EF1-89FA8388D746"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:airlink_rv50x:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AA1C2197-E412-4FE2-8DE8-3048A3727A58"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "352CE158-2DF5-45B8-99A3-1CD6B21A1557",
            "versionEndExcluding": "4.9.5"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:sierrawireless:airlink_es450:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3E042BE5-9B2E-42B9-B455-FDB35251B0A6"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:airlink_gx450:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F20FC147-11AF-4E39-978A-0BC270B3CF01"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E9B26ADF-46F0-42E9-B434-B1BDD3B3FA51",
            "versionEndExcluding": "4.4.9"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:sierrawireless:airlink_es440:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A539809A-2F36-49E5-B6E1-7D13057CB5CC"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:airlink_gx400:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3ED4507B-D487-40BB-8F0C-DDE252844BF7"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:airlink_gx440:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2F6861FB-F310-4B6D-BEDD-0B1611E5CE2D"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:airlink_ls300:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "06302D92-3C19-414A-B976-779FE9B01915"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References