CVE-2019-11851
Severity CVSS v4.0:
Pending analysis
Type:
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Publication date:
26/12/2022
Last modified:
16/04/2025
Description
The ACENet service in Sierra Wireless ALEOS before 4.4.9, 4.5.x through 4.9.x before 4.9.5, and 4.10.x through 4.13.x before 4.14.0 allows remote attackers to execute arbitrary code via a buffer overflow.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:* | 4.10.0 (including) | 4.14.0 (excluding) |
| cpe:2.3:h:sierrawireless:lx40:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sierrawireless:lx60:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sierrawireless:mp70:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sierrawireless:mp70e:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sierrawireless:rv50:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sierrawireless:rv50x:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:* | 4.5.0 (including) | 4.9.5 (excluding) |
| cpe:2.3:h:sierrawireless:es450:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sierrawireless:gx450:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:* | 4.4.9 (excluding) | |
| cpe:2.3:h:sierrawireless:es440:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sierrawireless:gx400:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sierrawireless:gx440:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sierrawireless:ls300:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2021-001.ashx
- https://www.sierrawireless.com/company/security/
- http://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2021-001.ashx
- https://www.sierrawireless.com/company/security/