Nonce Reuse Vulnerability in ACEView Service Allows Message Replay

Nonce Reuse Vulnerability in ACEView Service Allows Message Replay

CVE-2019-11856 · LOW Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L

A nonce reuse vulnerability exists in the ACEView service of ALEOS before 4.13.0, 4.9.5, and 4.4.9 allowing message replay. Captured traffic to the ACEView service can be replayed to other gateways sharing the same credentials.

Learn more about our Web Application Penetration Testing UK.