CVE-2019-11853 - OpenCVE

Several potential command injections vulnerabilities exist in the AT command interface of ALEOS before 4.11.0, and 4.9.4.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sierrawireless	Airlink Es450 Airlink Gx450 Airlink Lx40 Airlink Lx60 Airlink Mp70 Airlink Mp70e Airlink Rv50 Airlink Rv50x Aleos

Configuration 1 [-]

AND

cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:sierrawireless:airlink_lx40:-:::::::*
	cpe:2.3:h:sierrawireless:airlink_lx60:-:::::::*
	cpe:2.3:h:sierrawireless:airlink_mp70:-:::::::*
	cpe:2.3:h:sierrawireless:airlink_mp70e:-:::::::*
	cpe:2.3:h:sierrawireless:airlink_rv50:-:::::::*
	cpe:2.3:h:sierrawireless:airlink_rv50x:-:::::::*

Configuration 2 [-]

AND

cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:sierrawireless:airlink_es450:-:::::::*
	cpe:2.3:h:sierrawireless:airlink_gx450:-:::::::*

No data.

References

Link	Providers
https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2020-004/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-08-21T18:52:01.995577Z

Updated: 2024-09-17T03:54:16.087Z

Reserved: 2019-05-09T00:00:00

Link: CVE-2019-11853

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-08-21T19:15:11.530

Modified: 2022-02-09T19:27:20.410

Link: CVE-2019-11853

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2020-08-07T00:00:00", "descriptions": [{"lang": "en", "value": "Several potential command injections vulnerabilities exist in the AT command interface of ALEOS before 4.11.0, and 4.9.4."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.9, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-08-21T18:52:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2020-004/"}], "source": {"discovery": "INTERNAL"}, "title": "ALEOS AT Command Injections", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "DATE_PUBLIC": "2020-08-07T00:00:00.000Z", "ID": "CVE-2019-11853", "STATE": "PUBLIC", "TITLE": "ALEOS AT Command Injections"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Several potential command injections vulnerabilities exist in the AT command interface of ALEOS before 4.11.0, and 4.9.4."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.9, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2020-004/", "refsource": "MISC", "url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2020-004/"}]}, "source": {"discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T23:03:32.997Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2020-004/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-11853", "datePublished": "2020-08-21T18:52:01.995577Z", "dateReserved": "2019-05-09T00:00:00", "dateUpdated": "2024-09-17T03:54:16.087Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:*", "matchCriteriaId": "22BF7599-D3BB-4273-847E-28E84AF19C07", "versionEndExcluding": "4.11.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sierrawireless:airlink_lx40:-:*:*:*:*:*:*:*", "matchCriteriaId": "C4CEDB07-37C9-444F-9670-1807E7C3E734", "vulnerable": false}, {"criteria": "cpe:2.3:h:sierrawireless:airlink_lx60:-:*:*:*:*:*:*:*", "matchCriteriaId": "631F6248-DA94-4BF8-9F78-3636CBD67F2E", "vulnerable": false}, {"criteria": "cpe:2.3:h:sierrawireless:airlink_mp70:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D40D05C-2C06-40D7-A060-AB695909E559", "vulnerable": false}, {"criteria": "cpe:2.3:h:sierrawireless:airlink_mp70e:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD91027A-EFC8-4A29-B880-CE39D00DF86F", "vulnerable": false}, {"criteria": "cpe:2.3:h:sierrawireless:airlink_rv50:-:*:*:*:*:*:*:*", "matchCriteriaId": "282D04AE-5657-42C6-9EF1-89FA8388D746", "vulnerable": false}, {"criteria": "cpe:2.3:h:sierrawireless:airlink_rv50x:-:*:*:*:*:*:*:*", "matchCriteriaId": "AA1C2197-E412-4FE2-8DE8-3048A3727A58", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:*", "matchCriteriaId": "5BA6B3FE-7242-44A0-8DFE-0835A06BB61A", "versionEndExcluding": "4.9.4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sierrawireless:airlink_es450:-:*:*:*:*:*:*:*", "matchCriteriaId": "3E042BE5-9B2E-42B9-B455-FDB35251B0A6", "vulnerable": false}, {"criteria": "cpe:2.3:h:sierrawireless:airlink_gx450:-:*:*:*:*:*:*:*", "matchCriteriaId": "F20FC147-11AF-4E39-978A-0BC270B3CF01", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Several potential command injections vulnerabilities exist in the AT command interface of ALEOS before 4.11.0, and 4.9.4."}, {"lang": "es", "value": "Se presentan varias vulnerabilidades potenciales de inyecciones de comandos en la interfaz de comandos AT de ALEOS versiones anteriores a 4.11.0 y 4.9.4."}], "id": "CVE-2019-11853", "lastModified": "2022-02-09T19:27:20.410", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.9, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 3.4, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2020-08-21T19:15:11.530", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2020-004/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}]}