VYPR

ALEOS

by ALEOS

CVEs (3)

  • CVE-2019-11847HigAug 21, 2020
    risk 0.47cvss 7.3epss 0.00

    An improper privilege management vulnerabitlity exists in ALEOS before 4.11.0, 4.9.4 and 4.4.9. An authenticated user can escalate to root via the command shell.

  • CVE-2019-11859MedAug 21, 2020
    risk 0.39cvss 6.0epss 0.02

    A buffer overflow exists in the SMS handler API of ALEOS before 4.13.0, 4.9.5, 4.9.4 that may allow code execution as root.

  • CVE-2019-11856LowAug 21, 2020
    risk 0.22cvss 3.3epss 0.01

    A nonce reuse vulnerability exists in the ACEView service of ALEOS before 4.13.0, 4.9.5, and 4.4.9 allowing message replay. Captured traffic to the ACEView service can be replayed to other gateways sharing the same credentials.