← Back

CVE-2022-46650

nvd nist
Published: Feb 10, 2023Modified: Mar 24, 2025

JSON object

Loading...
4.9
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.2 / Impact: 3.6
Source: NVD

Description

Acemanager in ALEOS before version 4.16 allows a user with valid credentials to reconfigure the device to expose the ACEManager credentials on the pre-login status page.

Affected (2)

Sierrawireless
1 product
Aleos
Configuration A
1 vulnerable · 2 platform
Vulnerable SoftwareAffected Versions
Aleos
Up to 4.9.7
Running on/withPlatform Versions
Sierrawireless
Es450
All versions
Sierrawireless
Gx450
All versions
Configuration B
1 vulnerable · 6 platform
Vulnerable SoftwareAffected Versions
Aleos
Up to 4.16.0
Running on/withPlatform Versions
Sierrawireless
Lx40
All versions
Sierrawireless
Lx60
All versions
Sierrawireless
Mp70
All versions
Sierrawireless
Rv50
All versions
Sierrawireless
Rv50x
All versions
Sierrawireless
Rv55
All versions

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

Source: security@sierrawireless.com
Vendor Advisory
Source: security@sierrawireless.com
Third Party AdvisoryUS Government Resource
Source: security@sierrawireless.com
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory

Timeline

No history available yet.