CVE-2019-11847 โ€” Improper Privilege Management in Aleos

CWE-269 โ€” Improper Privilege Management2 documents2 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 99.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Sierrawireless Aleos
Timeline
PublishedAug 21
Latest updateMay 24

Description

An improper privilege management vulnerabitlity exists in ALEOS before 4.11.0, 4.9.4 and 4.4.9. An authenticated user can escalate to root via the command shell.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

โ–ถNVDsierrawireless/aleos< 4.11.0+2

๐Ÿ”ดVulnerability Details

1
GHSA
GHSA-m4pc-g6vj-jmrm: An improper privilege management vulnerabitlity exists in ALEOS before 4โ†—2022-05-24
โ–ถ
CVE-2019-11847 โ€” Improper Privilege Management in Aleos | cvebase