CVE-2023-40459
Severity:
HIGH
Type:
CWE-476
NULL Pointer Dereference
Publication date:
04/12/2023
Last modified:
08/12/2023
Description
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
The<br />
ACEManager component of ALEOS 4.16 and earlier does not adequately perform<br />
input sanitization during authentication, which could potentially result in a<br />
Denial of Service (DoS) condition for ACEManager without impairing other router<br />
functions. ACEManager recovers from the DoS condition by restarting within ten<br />
seconds of becoming unavailable.<br />
<br />
<br />
<br />
<br />
<br />
<br />
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:* | 4.16.0 (including) | |
cpe:2.3:h:sierrawireless:es450:-:*:*:*:*:*:*:* | ||
cpe:2.3:h:sierrawireless:gx450:-:*:*:*:*:*:*:* | ||
cpe:2.3:h:sierrawireless:lx40:-:*:*:*:*:*:*:* | ||
cpe:2.3:h:sierrawireless:lx60:-:*:*:*:*:*:*:* | ||
cpe:2.3:h:sierrawireless:mp70:-:*:*:*:*:*:*:* | ||
cpe:2.3:h:sierrawireless:rv50x:-:*:*:*:*:*:*:* | ||
cpe:2.3:h:sierrawireless:rv55:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page