← Back

CVE-2023-40462

nvd nist
Published: Dec 4, 2023Modified: Feb 13, 2025

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

The ACEManager component of ALEOS 4.16 and earlier does not perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by restarting within ten seconds of becoming unavailable.

Affected (2)

Sierrawireless
1 product
Aleos
Debian
1 product
Debian Linux
Configuration A
1 vulnerable · 7 platform
Vulnerable SoftwareAffected Versions
Aleos
Up to 4.16.0
Running on/withPlatform Versions
Sierrawireless
Es450
All versions
Sierrawireless
Gx450
All versions
Sierrawireless
Lx40
All versions
Sierrawireless
Lx60
All versions
Sierrawireless
Mp70
All versions
Sierrawireless
Rv50x
All versions
Sierrawireless
Rv55
All versions
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 10.0

Related CWEs

CWE-617
Reachable Assertion
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

References (4)

Source: security@sierrawireless.com
Mailing ListThird Party Advisory
Source: security@sierrawireless.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.