Vulnerability Description
A nonce reuse vulnerability exists in the ACEView service of ALEOS before 4.13.0, 4.9.5, and 4.4.9 allowing message replay. Captured traffic to the ACEView service can be replayed to other gateways sharing the same credentials.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sierrawireless | Aleos | <= 4.12.0 |
| Sierrawireless | Airlink Lx40 | - |
| Sierrawireless | Airlink Lx60 | - |
| Sierrawireless | Airlink Mp70 | - |
| Sierrawireless | Airlink Mp70E | - |
| Sierrawireless | Airlink Rv50 | - |
| Sierrawireless | Airlink Rv50X | - |
| Sierrawireless | Airlink Es450 | - |
| Sierrawireless | Airlink Gx450 | - |
| Sierrawireless | Airlink Es440 | - |
| Sierrawireless | Airlink Gx400 | - |
| Sierrawireless | Airlink Gx440 | - |
| Sierrawireless | Airlink Ls300 | - |
References
- https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-t (Vendor Advisory)
- https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-t (Vendor Advisory)
FAQ
What is CVE-2019-11856?
CVE-2019-11856 is a vulnerability with a CVSS score of 3.3 (LOW). A nonce reuse vulnerability exists in the ACEView service of ALEOS before 4.13.0, 4.9.5, and 4.4.9 allowing message replay. Captured traffic to the ACEView service can be replayed to other gateways sharing the same credentials.
How severe is CVE-2019-11856?
CVE-2019-11856 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-11856?
Check the references section above for vendor advisories and patch information. Affected products include: Sierrawireless Aleos, Sierrawireless Airlink Lx40, Sierrawireless Airlink Lx60, Sierrawireless Airlink Mp70, Sierrawireless Airlink Mp70E.