Dec 04, 2023 - 11:15 p.m.

CVE-2023-40462

2023-12-04 23:15:25
CWE-617
SWI
web.nvd.nist.gov
cve
acemanager
aleos 4.16
authentication
input sanitization
dos
security vulnerability

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0
Percentile: 13.3%

The ACEManager component of ALEOS 4.16 and earlier does not perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by restarting within ten seconds of becoming unavailable.

Affected configurations

Nvd

Node
  sierrawireless aleos (Range 4.16.0)
  AND
  sierrawireless es450 (Match -)
  OR sierrawireless gx450 (Match -)
  OR sierrawireless lx40 (Match -)
  OR sierrawireless lx60 (Match -)
  OR sierrawireless mp70 (Match -)
  OR sierrawireless rv50x (Match -)
  OR sierrawireless rv55 (Match -)

Node
  debian debian_linux (Match 10.0)

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| sierrawireless | aleos | * | cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:* |
| sierrawireless | es450 | - | cpe:2.3:h:sierrawireless:es450:-:*:*:*:*:*:*:* |
| sierrawireless | gx450 | - | cpe:2.3:h:sierrawireless:gx450:-:*:*:*:*:*:*:* |
| sierrawireless | lx40 | - | cpe:2.3:h:sierrawireless:lx40:-:*:*:*:*:*:*:* |
| sierrawireless | lx60 | - | cpe:2.3:h:sierrawireless:lx60:-:*:*:*:*:*:*:* |
| sierrawireless | mp70 | - | cpe:2.3:h:sierrawireless:mp70:-:*:*:*:*:*:*:* |
| sierrawireless | rv50x | - | cpe:2.3:h:sierrawireless:rv50x:-:*:*:*:*:*:*:* |
| sierrawireless | rv55 | - | cpe:2.3:h:sierrawireless:rv55:-:*:*:*:*:*:*:* |
| debian | debian_linux | 10.0 | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ALEOS",
    "vendor": "SierraWireless",
    "versions": [
      {
        "lessThanOrEqual": "4.16",
        "status": "affected",
        "version": "4.10",
        "versionType": "Custom"
      },
      {
        "lessThanOrEqual": "4.9.8",
        "status": "affected",
        "version": "0",
        "versionType": "Custom"
      }
    ]
  }
]
