CVE-2019-11856

EUVD-2019-3516
A nonce reuse vulnerability exists in the ACEView service of ALEOS before 4.13.0, 4.9.5, and 4.4.9 allowing message replay. Captured traffic to the ACEView service can be replayed to other gateways sharing the same credentials.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.3 LOW
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L
mitreCNA
3.3 LOW
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
Affected Products (NVD)
VendorProductVersion
sierrawirelessaleos
𝑥
≤ 4.12.0
sierrawirelessaleos
𝑥
≤ 4.9.4
sierrawirelessaleos
𝑥
≤ 4.4.8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2020-004/
https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2020-004/