Vulnerabilities > CVE-2019-11862 - Incorrect Authorization vulnerability in Sierrawireless Aleos

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

NVD

Published: 2020-08-21

Updated: 2021-07-21

Summary

The SSH service on ALEOS before 4.12.0, 4.9.5, 4.4.9 allows traffic proxying.

Part	Description	Count
OS	Sierrawireless Sierrawireless Aleos 4.3.0 Sierrawireless Aleos 4.3.1 Sierrawireless Aleos 4.3.2 Sierrawireless Aleos 4.3.3 Sierrawireless Aleos 4.3.4 Sierrawireless Aleos 4.3.5 Sierrawireless Aleos 4.3.6 Sierrawireless Aleos 4.4.0 Sierrawireless Aleos 4.4.1 Sierrawireless Aleos 4.4.2 Sierrawireless Aleos 4.4.3 Sierrawireless Aleos 4.4.4 Sierrawireless Aleos 4.4.5 Sierrawireless Aleos 4.4.6 Sierrawireless Aleos 4.4.7 Sierrawireless Aleos 4.4.8 Sierrawireless Aleos 4.9.0 Sierrawireless Aleos 4.9.1 Sierrawireless Aleos 4.9.2 Sierrawireless Aleos 4.9.3 Sierrawireless Aleos 4.9.4	21
Hardware	Sierrawireless Sierrawireless Airlink Es440 - Sierrawireless Airlink Es450 - Sierrawireless Airlink Gx400 - Sierrawireless Airlink Gx440 - Sierrawireless Airlink Gx450 - Sierrawireless Airlink Ls300 - Sierrawireless Airlink Lx40 - Sierrawireless Airlink Lx60 - Sierrawireless Airlink Mp70 - Sierrawireless Airlink Mp70E - Sierrawireless Airlink Rv50 - Sierrawireless Airlink Rv50X -	12