Forced Browsing Vulnerability in Sierra Wireless MGOS
CVE-2019-13988

6.5MEDIUM

Key Information:

Vendor: Sierrawireless
Status: Mgos
Vendor: CVE Published:; 26 December 2022

🔔 Create Sierrawireless Vulnerability Alert

What is CVE-2019-13988?

This vulnerability allows attackers to exploit a flaw in Sierra Wireless MGOS, enabling them to read sensitive log files through a Direct Request technique. This unauthorized access can expose critical information and pose serious security risks. It affects MGOS versions prior to 3.15.2 and 4.x versions prior to 4.3, making it essential for users to apply security updates to mitigate potential threats.

References

https://www.sierrawireless.com/company/security/

https://source.sierrawireless.com/-/media/support_downloa...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 26, 2022
Vulnerability Reserved
Jul 19, 2019