1. Home
  2. CVE Database
  3. CVE-2020-8782
HIGH · 7.5

CVE-2020-8782

Unauthenticated RPC server on ALEOS before 4.4.9, 4.9.5, and 4.14.0 allows remote code execution.

Vulnerability Description

Unauthenticated RPC server on ALEOS before 4.4.9, 4.9.5, and 4.14.0 allows remote code execution.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
ADJACENT_NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
SierrawirelessAleos< 4.4.9
SierrawirelessAirlink Es440-
SierrawirelessAirlink Es450-
SierrawirelessAirlink Gx400-
SierrawirelessAirlink Gx440-
SierrawirelessAirlink Gx450-
SierrawirelessAirlink Ls300-
SierrawirelessAirlink Lx40-
SierrawirelessAirlink Lx60-
SierrawirelessAirlink Mp70-
SierrawirelessAirlink Mp70E-
SierrawirelessAirlink Rv50-
SierrawirelessAirlink Rv50X-
SierrawirelessAirlink Rv55-

References

FAQ

What is CVE-2020-8782?

CVE-2020-8782 is a vulnerability with a CVSS score of 7.5 (HIGH). Unauthenticated RPC server on ALEOS before 4.4.9, 4.9.5, and 4.14.0 allows remote code execution.

How severe is CVE-2020-8782?

CVE-2020-8782 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-8782?

Check the references section above for vendor advisories and patch information. Affected products include: Sierrawireless Aleos, Sierrawireless Airlink Es440, Sierrawireless Airlink Es450, Sierrawireless Airlink Gx400, Sierrawireless Airlink Gx440.