CVE-2023-40462 Improper input leads to DoS

2023-12-0422:53:59

CWE-617

SWI

www.cve.org

acemanager

aleos 4.16

denial of service

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

13.3%

JSON

The ACEManager
component of ALEOS 4.16 and earlier does not

perform input
sanitization during authentication, which could

potentially result
in a Denial of Service (DoS) condition for

ACEManager without
impairing other router functions. ACEManager

recovers from the
DoS condition by restarting within ten seconds of

becoming
unavailable.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ALEOS",
    "vendor": "SierraWireless",
    "versions": [
      {
        "lessThanOrEqual": "4.16",
        "status": "affected",
        "version": "4.10",
        "versionType": "Custom"
      },
      {
        "lessThanOrEqual": "4.9.8",
        "status": "affected",
        "version": "0",
        "versionType": "Custom"
      }
    ]
  }
]