CVE-2019-11856Authentication Bypass by Capture-replay in Aleos

CWE-294Authentication Bypass by Capture-replay2 documents2 sources
Severity
3.8LOWNVD
EPSS
0.0%
top 94.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Sierrawireless Aleos
Timeline
PublishedAug 21
Latest updateMay 24

Description

A nonce reuse vulnerability exists in the ACEView service of ALEOS before 4.13.0, 4.9.5, and 4.4.9 allowing message replay. Captured traffic to the ACEView service can be replayed to other gateways sharing the same credentials.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:LExploitability: 1.2 | Impact: 2.5

Affected Packages1 packages

NVDsierrawireless/aleos4.12.0+2

🔴Vulnerability Details

1
GHSA
GHSA-h222-gcmc-vjfm: A nonce reuse vulnerability exists in the ACEView service of ALEOS before 42022-05-24
CVE-2019-11856 — Sierrawireless Aleos vulnerability | cvebase