CVE-2023-40464

Published Dec 4, 2023

Last updated a year ago

CVSS medium 6.8

Overview

Description: Several versions of ALEOS, including ALEOS 4.16.0, use a hardcoded SSL certificate and private key. An attacker with access to these items could potentially perform a man in the middle attack between the ACEManager client and ACEManager server.
Source: security@sierrawireless.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.8
Impact score: 5.2
Exploitability score: 1.6
Vector string: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-798
security@sierrawireless.com: CWE-321

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "45265DDA-E10F-49D0-B2C6-FC123C42E5AE",
            "versionEndIncluding": "4.16.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:sierrawireless:es450:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "524DF1AE-21F2-4AA6-99E7-6F98304FF845"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:gx450:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2C12CF71-FE0E-44EA-9F2E-7CFB42E7C216"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:lx40:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "069DD303-C100-4FAF-BD6B-4EE61CBDE9F7"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:lx60:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2A3B7B3D-1594-434B-8E22-01C67DF54F16"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:mp70:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "007D4629-4BE2-4C7A-AC8B-E87739E22D12"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:rv50x:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "61D3EF27-E823-4E49-BD58-D050EB02D294"
          },
          {
            "criteria": "cpe:2.3:h:sierrawireless:rv55:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "215BD4AB-8EFD-4F82-ABE4-E7F81AD528C2"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References