CVE-2023-40465

Published: Dec 4, 2023Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Several versions of ALEOS, including ALEOS 4.16.0, include an opensource third-party component which can be exploited from the local area network, resulting in a Denial of Service condition for the captive portal.

Affected (1)

Products: Sierrawireless: Aleos

1 product

Configuration A

1 vulnerable · 7 platform

Vulnerable Software	Affected Versions
Sierrawireless Aleos	Up to 4.16.0

Running on/with	Platform Versions
Sierrawireless Es450	All versions
Sierrawireless Gx450	All versions
Sierrawireless Lx40	All versions
Sierrawireless Lx60	All versions
Sierrawireless Mp70	All versions
Sierrawireless Rv50x	All versions
Sierrawireless Rv55	All versions

Related CWEs

Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs

Source: security@sierrawireless.com

Vendor Advisory

https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.