CVE-2023-40462
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
04/12/2023
Last modified:
13/02/2025
Description
The ACEManager<br />
component of ALEOS 4.16 and earlier does not<br />
<br />
<br />
<br />
perform input<br />
sanitization during authentication, which could<br />
<br />
<br />
<br />
potentially result<br />
in a Denial of Service (DoS) condition for<br />
<br />
<br />
<br />
ACEManager without<br />
impairing other router functions. ACEManager<br />
<br />
<br />
<br />
recovers from the<br />
DoS condition by restarting within ten seconds of<br />
<br />
<br />
<br />
becoming<br />
unavailable.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:* | 4.16.0 (including) | |
| cpe:2.3:h:sierrawireless:es450:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sierrawireless:gx450:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sierrawireless:lx40:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sierrawireless:lx60:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sierrawireless:mp70:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sierrawireless:rv50x:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sierrawireless:rv55:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://lists.debian.org/debian-lts-announce/2023/12/msg00024.html
- https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs
- https://lists.debian.org/debian-lts-announce/2023/12/msg00024.html
- https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs