CVE-2023-40459

Published: Dec 4, 2023Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The ACEManager component of ALEOS 4.16 and earlier does not adequately perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by restarting within ten seconds of becoming unavailable.

Affected (1)

Products: Sierrawireless: Aleos

Sierrawireless

1 product

Aleos

Configuration A

1 vulnerable · 7 platform

Vulnerable Software	Affected Versions
Sierrawireless Aleos	Up to 4.16.0

Running on/with	Platform Versions
Sierrawireless Es450	All versions
Sierrawireless Gx450	All versions
Sierrawireless Lx40	All versions
Sierrawireless Lx60	All versions
Sierrawireless Mp70	All versions
Sierrawireless Rv50x	All versions
Sierrawireless Rv55	All versions

Related CWEs

CWE-476

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

References (2)

https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs

Source: security@sierrawireless.com

Vendor Advisory

https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.