CVE

CVE-2023-40459

Severity:
HIGH
Type:
CWE-476 NULL Pointer Dereference
Publication date:
04/12/2023
Last modified:
08/12/2023

Description

<br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> The<br /> ACEManager component of ALEOS 4.16 and earlier does not adequately perform<br /> input sanitization during authentication, which could potentially result in a<br /> Denial of Service (DoS) condition for ACEManager without impairing other router<br /> functions. ACEManager recovers from the DoS condition by restarting within ten<br /> seconds of becoming unavailable.<br /> <br /> <br /> <br /> <br /> <br /> <br />

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:* 4.16.0 (including)
cpe:2.3:h:sierrawireless:es450:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:gx450:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:lx40:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:lx60:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:mp70:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:rv50x:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:rv55:-:*:*:*:*:*:*:*


botón arriba