CVE-2023-40461

Published Dec 4, 2023

Last updated a year ago

CVSS medium 4.8

Overview

Description: The ACEManager component of ALEOS 4.16 and earlier allows an authenticated user with Administrator privileges to access a file upload field which does not fully validate the file name, creating a Stored Cross-Site Scripting condition.
Source: security@sierrawireless.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 4.8
Impact score: 2.7
Exploitability score: 1.7
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-79
security@sierrawireless.com: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "45265DDA-E10F-49D0-B2C6-FC123C42E5AE",
            "versionEndIncluding": "4.16.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:sierrawireless:es450:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "524DF1AE-21F2-4AA6-99E7-6F98304FF845"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:gx450:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2C12CF71-FE0E-44EA-9F2E-7CFB42E7C216"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:lx40:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "069DD303-C100-4FAF-BD6B-4EE61CBDE9F7"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:lx60:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2A3B7B3D-1594-434B-8E22-01C67DF54F16"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:mp70:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "007D4629-4BE2-4C7A-AC8B-E87739E22D12"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:rv50x:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "61D3EF27-E823-4E49-BD58-D050EB02D294"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:rv55:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "215BD4AB-8EFD-4F82-ABE4-E7F81AD528C2"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References