The ACENet service in Sierra Wireless ALEOS before 4.4.9, 4.5.x through 4.9.x before 4.9.5, and 4.10.x through 4.13.x before 4.14.0 allows remote attackers to execute arbitrary code via a buffer overflow.
References
Link | Resource |
---|---|
http://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2021-001.ashx | Vendor Advisory |
https://www.sierrawireless.com/company/security/ | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
History
06 Jan 2023, 02:00
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.sierrawireless.com/company/security/ - Vendor Advisory | |
References | (CONFIRM) http://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2021-001.ashx - Vendor Advisory | |
First Time |
Sierrawireless ls300
Sierrawireless mp70 Sierrawireless gx450 Sierrawireless gx440 Sierrawireless rv50x Sierrawireless lx40 Sierrawireless es450 Sierrawireless Sierrawireless aleos Sierrawireless es440 Sierrawireless gx400 Sierrawireless mp70e Sierrawireless lx60 Sierrawireless rv50 |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CPE | cpe:2.3:h:sierrawireless:gx400:-:*:*:*:*:*:*:* cpe:2.3:h:sierrawireless:mp70e:-:*:*:*:*:*:*:* cpe:2.3:h:sierrawireless:rv50x:-:*:*:*:*:*:*:* cpe:2.3:h:sierrawireless:es440:-:*:*:*:*:*:*:* cpe:2.3:h:sierrawireless:mp70:-:*:*:*:*:*:*:* cpe:2.3:h:sierrawireless:gx450:-:*:*:*:*:*:*:* cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:* cpe:2.3:h:sierrawireless:gx440:-:*:*:*:*:*:*:* cpe:2.3:h:sierrawireless:lx40:-:*:*:*:*:*:*:* cpe:2.3:h:sierrawireless:rv50:-:*:*:*:*:*:*:* cpe:2.3:h:sierrawireless:ls300:-:*:*:*:*:*:*:* cpe:2.3:h:sierrawireless:lx60:-:*:*:*:*:*:*:* cpe:2.3:h:sierrawireless:es450:-:*:*:*:*:*:*:* |
|
CWE | CWE-120 |
26 Dec 2022, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-12-26 22:15
Updated : 2023-12-10 14:48
NVD link : CVE-2019-11851
Mitre link : CVE-2019-11851
CVE.ORG link : CVE-2019-11851
JSON object : View
Products Affected
sierrawireless
- lx60
- es450
- aleos
- gx450
- rv50x
- mp70
- mp70e
- gx400
- es440
- lx40
- ls300
- rv50
- gx440
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')