PT-2022-8092 · Sierra Wireless · Sierra Wireless Mgos
Published
2022-12-26
·
Updated
2023-01-05
·
CVE-2019-13988
CVSS v3.1
6.5
Medium
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Sierra Wireless MGOS versions prior to 3.15.2
Sierra Wireless MGOS versions 4.x prior to 4.3
Description
The issue allows attackers to read log files via a Direct Request, also known as Forced Browsing. This can potentially expose sensitive information.
Recommendations
For Sierra Wireless MGOS versions prior to 3.15.2, update to version 3.15.2 or later.
For Sierra Wireless MGOS versions 4.x prior to 4.3, update to version 4.3 or later.
As a temporary workaround, consider restricting access to log files until a patch is available.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Sierra Wireless Mgos