CVE-2022-46650

Published Feb 10, 2023

Last updated 2 years ago

CVSS medium 4.9

Overview

Description: Acemanager in ALEOS before version 4.16 allows a user with valid credentials to reconfigure the device to expose the ACEManager credentials on the pre-login status page.
Source: security@sierrawireless.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 4.9
Impact score: 3.6
Exploitability score: 1.2
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-200
security@sierrawireless.com: CWE-200

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:sierrawireless:es450:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "524DF1AE-21F2-4AA6-99E7-6F98304FF845"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:gx450:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2C12CF71-FE0E-44EA-9F2E-7CFB42E7C216"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA19B9D5-D298-4910-8406-5C5059AB8626",
            "versionEndIncluding": "4.9.7"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:sierrawireless:lx40:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "069DD303-C100-4FAF-BD6B-4EE61CBDE9F7"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:lx60:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2A3B7B3D-1594-434B-8E22-01C67DF54F16"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:mp70:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "007D4629-4BE2-4C7A-AC8B-E87739E22D12"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:rv50:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "54218BC7-D942-4907-8052-ECB308753162"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:rv50x:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "61D3EF27-E823-4E49-BD58-D050EB02D294"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:rv55:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "215BD4AB-8EFD-4F82-ABE4-E7F81AD528C2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "45265DDA-E10F-49D0-B2C6-FC123C42E5AE",
            "versionEndIncluding": "4.16.0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References