CVE-2023-40462

Published Dec 4, 2023

Last updated 9 months ago

CVSS high 7.5

Overview

Description: The ACEManager component of ALEOS 4.16 and earlier does not perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by restarting within ten seconds of becoming unavailable.
Source: security@sierrawireless.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: CWE-617
security@sierrawireless.com: CWE-617

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "45265DDA-E10F-49D0-B2C6-FC123C42E5AE",
            "versionEndIncluding": "4.16.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:sierrawireless:es450:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "524DF1AE-21F2-4AA6-99E7-6F98304FF845"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:gx450:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2C12CF71-FE0E-44EA-9F2E-7CFB42E7C216"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:lx40:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "069DD303-C100-4FAF-BD6B-4EE61CBDE9F7"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:lx60:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2A3B7B3D-1594-434B-8E22-01C67DF54F16"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:mp70:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "007D4629-4BE2-4C7A-AC8B-E87739E22D12"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:rv50x:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "61D3EF27-E823-4E49-BD58-D050EB02D294"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:rv55:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "215BD4AB-8EFD-4F82-ABE4-E7F81AD528C2"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References