A buffer overflow exists in the SMS handler API of ALEOS before 4.13.0, 4.9.5, 4.9.4 that may allow code execution as root.
References
Link | Resource |
---|---|
https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2020-004/ | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
History
09 Feb 2022, 19:29
Type | Values Removed | Values Added |
---|---|---|
First Time |
Sierrawireless airlink Mp70e
Sierrawireless airlink Lx40 Sierrawireless airlink Gx450 Sierrawireless airlink Lx60 Sierrawireless airlink Es440 Sierrawireless airlink Es450 Sierrawireless airlink Rv50 Sierrawireless airlink Gx440 Sierrawireless airlink Ls300 Sierrawireless airlink Gx400 Sierrawireless airlink Rv50x Sierrawireless airlink Mp70 |
|
CPE | cpe:2.3:h:sierawireless:airlink_mp70e:-:*:*:*:*:*:*:* cpe:2.3:h:sierawireless:airlink_mp70:-:*:*:*:*:*:*:* cpe:2.3:h:sierawireless:airlink_lx40:-:*:*:*:*:*:*:* cpe:2.3:h:sierawireless:airlink_lx60:-:*:*:*:*:*:*:* cpe:2.3:h:sierawireless:airlink_rv50x:-:*:*:*:*:*:*:* cpe:2.3:h:sierawireless:airlink_es440:-:*:*:*:*:*:*:* cpe:2.3:h:sierawireless:airlink_ls300:-:*:*:*:*:*:*:* cpe:2.3:h:sierawireless:airlink_gx400:-:*:*:*:*:*:*:* cpe:2.3:h:sierawireless:airlink_gx450:-:*:*:*:*:*:*:* cpe:2.3:h:sierawireless:airlink_rv50:-:*:*:*:*:*:*:* cpe:2.3:h:sierawireless:airlink_es450:-:*:*:*:*:*:*:* |
cpe:2.3:h:sierrawireless:airlink_es440:-:*:*:*:*:*:*:* cpe:2.3:h:sierrawireless:airlink_rv50:-:*:*:*:*:*:*:* cpe:2.3:h:sierrawireless:airlink_mp70:-:*:*:*:*:*:*:* cpe:2.3:h:sierrawireless:airlink_mp70e:-:*:*:*:*:*:*:* cpe:2.3:h:sierrawireless:airlink_gx400:-:*:*:*:*:*:*:* cpe:2.3:h:sierrawireless:airlink_gx440:-:*:*:*:*:*:*:* cpe:2.3:h:sierrawireless:airlink_lx60:-:*:*:*:*:*:*:* cpe:2.3:h:sierrawireless:airlink_rv50x:-:*:*:*:*:*:*:* cpe:2.3:h:sierrawireless:airlink_lx40:-:*:*:*:*:*:*:* cpe:2.3:h:sierrawireless:airlink_gx450:-:*:*:*:*:*:*:* cpe:2.3:h:sierrawireless:airlink_es450:-:*:*:*:*:*:*:* cpe:2.3:h:sierrawireless:airlink_ls300:-:*:*:*:*:*:*:* |
Information
Published : 2020-08-21 19:15
Updated : 2023-12-10 13:27
NVD link : CVE-2019-11859
Mitre link : CVE-2019-11859
CVE.ORG link : CVE-2019-11859
JSON object : View
Products Affected
sierrawireless
- airlink_rv50x
- airlink_gx400
- airlink_lx60
- airlink_mp70
- airlink_mp70e
- airlink_gx440
- airlink_rv50
- airlink_lx40
- airlink_ls300
- airlink_gx450
- aleos
- airlink_es450
- airlink_es440
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')