A nonce reuse vulnerability exists in the ACEView service of ALEOS before 4.13.0, 4.9.5, and 4.4.9 allowing message replay. Captured traffic to the ACEView service can be replayed to other gateways sharing the same credentials.
References
Link | Resource |
---|---|
https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2020-004/ | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
History
09 Feb 2022, 19:28
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:sierawireless:airlink_rv50:-:*:*:*:*:*:*:* cpe:2.3:h:sierawireless:airlink_es440:-:*:*:*:*:*:*:* cpe:2.3:h:sierawireless:airlink_ls300:-:*:*:*:*:*:*:* cpe:2.3:h:sierawireless:airlink_mp70e:-:*:*:*:*:*:*:* cpe:2.3:h:sierawireless:airlink_rv50x:-:*:*:*:*:*:*:* cpe:2.3:h:sierawireless:airlink_mp70:-:*:*:*:*:*:*:* cpe:2.3:h:sierawireless:airlink_lx40:-:*:*:*:*:*:*:* cpe:2.3:h:sierawireless:airlink_es450:-:*:*:*:*:*:*:* cpe:2.3:h:sierawireless:airlink_gx450:-:*:*:*:*:*:*:* cpe:2.3:h:sierawireless:airlink_gx440:-:*:*:*:*:*:*:* cpe:2.3:h:sierawireless:airlink_gx400:-:*:*:*:*:*:*:* |
cpe:2.3:h:sierrawireless:airlink_mp70:-:*:*:*:*:*:*:* cpe:2.3:h:sierrawireless:airlink_es450:-:*:*:*:*:*:*:* cpe:2.3:h:sierrawireless:airlink_lx40:-:*:*:*:*:*:*:* cpe:2.3:h:sierrawireless:airlink_gx450:-:*:*:*:*:*:*:* cpe:2.3:h:sierrawireless:airlink_rv50:-:*:*:*:*:*:*:* cpe:2.3:h:sierrawireless:airlink_lx60:-:*:*:*:*:*:*:* cpe:2.3:h:sierrawireless:airlink_gx400:-:*:*:*:*:*:*:* cpe:2.3:h:sierrawireless:airlink_es440:-:*:*:*:*:*:*:* cpe:2.3:h:sierrawireless:airlink_ls300:-:*:*:*:*:*:*:* cpe:2.3:h:sierrawireless:airlink_mp70e:-:*:*:*:*:*:*:* cpe:2.3:h:sierrawireless:airlink_rv50x:-:*:*:*:*:*:*:* cpe:2.3:h:sierrawireless:airlink_gx440:-:*:*:*:*:*:*:* |
Information
Published : 2020-08-21 19:15
Updated : 2024-02-04 21:00
NVD link : CVE-2019-11856
Mitre link : CVE-2019-11856
CVE.ORG link : CVE-2019-11856
JSON object : View
Products Affected
sierrawireless
- airlink_es450
- airlink_gx450
- airlink_lx60
- airlink_mp70e
- airlink_rv50
- airlink_es440
- airlink_ls300
- airlink_gx440
- airlink_mp70
- airlink_gx400
- aleos
- airlink_lx40
- airlink_rv50x
CWE
CWE-294
Authentication Bypass by Capture-replay