
CVE-2022-46649
https://notcve.org/view.php?id=CVE-2022-46649
10 Feb 2023 — Acemanager in ALEOS before version 4.16 allows a user with valid credentials to manipulate the IP logging operation to execute arbitrary shell commands on the device. • https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-001 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2019-11851
https://notcve.org/view.php?id=CVE-2019-11851
26 Dec 2022 — The ACENet service in Sierra Wireless ALEOS before 4.4.9, 4.5.x through 4.9.x before 4.9.5, and 4.10.x through 4.13.x before 4.14.0 allows remote attackers to execute arbitrary code via a buffer overflow. • http://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2021-001.ashx • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2020-11101
https://notcve.org/view.php?id=CVE-2020-11101
26 Dec 2022 — Sierra Wireless AirLink Mobility Manager (AMM) before 2.17 mishandles sessions and thus an unauthenticated attacker can obtain a login session with administrator privileges. • https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2020-007---amm-unauthenticated-login.ashx • CWE-287: Improper Authentication •

CVE-2019-13988
https://notcve.org/view.php?id=CVE-2019-13988
26 Dec 2022 — Sierra Wireless MGOS before 3.15.2 and 4.x before 4.3 allows attackers to read log files via a Direct Request (aka Forced Browsing). • https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2020-006---mgos-security-update.ashx •

CVE-2020-8782 – ALEOS LAN-Side RPC Service Remote Code Execution
https://notcve.org/view.php?id=CVE-2020-8782
06 Oct 2020 — Unauthenticated RPC server on ALEOS before 4.4.9, 4.9.5, and 4.14.0 allows remote code execution. Sierra Wireless ALEOS versions through 4.4.8, versions through 4.9.4, and versions through 4.11 allow remote code execution. • https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2020-005 •

CVE-2020-8781
https://notcve.org/view.php?id=CVE-2020-8781
06 Oct 2020 — Lack of input sanitization in the UpdateRebootMgr service of ALEOS 4.11 and later allows an escalation to root from a low-privilege process. Sierra Wireless ALEOS versions 4.11 through 4.13.0 have an Improper Authorization issue. • https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2020-005 •

CVE-2019-11862 – ALEOS SSH Service Allows Traffic Proxying
https://notcve.org/view.php?id=CVE-2019-11862
21 Aug 2020 — The SSH service on ALEOS before 4.12.0, 4.9.5, 4.4.9 allows traffic proxying. • https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/sierra-wireless-technical-bulletin---swi-psa-2019-004 •

CVE-2019-11858 – ALEOS Multiple Web UI vulnerabilities
https://notcve.org/view.php?id=CVE-2019-11858
21 Aug 2020 — Multiple buffer overflow vulnerabilities exist in the AceManager Web API of ALEOS before 4.13.0, 4.9.5, and 4.4.9. • https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2020-004 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2019-11853 – ALEOS AT Command Injections
https://notcve.org/view.php?id=CVE-2019-11853
21 Aug 2020 — Several potential command injection vulnerabilities exist in the AT command interface of ALEOS before 4.11.0 and 4.9.4. • https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2020-004 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2019-11859 – ALEOS SMS Handler Buffer Overflow
https://notcve.org/view.php?id=CVE-2019-11859
21 Aug 2020 — A buffer overflow exists in the SMS handler API of ALEOS before 4.13.0, 4.9.5, 4.9.4 that may allow code execution as root. • https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2020-004 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •