CVE-2019-11857Improper Input Validation in Aleos

CWE-20Improper Input Validation2 documents2 sources
Severity
4.9MEDIUMNVD
EPSS
0.0%
top 96.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Sierrawireless Aleos
Timeline
PublishedAug 21
Latest updateMay 24

Description

Lack of input sanitization in AceManager of ALEOS before 4.12.0, 4.9.5 and 4.4.9 allows disclosure of sensitive system information.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages1 packages

NVDsierrawireless/aleos< 4.12.0+2

🔴Vulnerability Details

1
GHSA
GHSA-6p98-gw22-pp6c: Lack of input sanitization in AceManager of ALEOS before 42022-05-24
CVE-2019-11857 — Improper Input Validation in Aleos | cvebase