4.9

CVE-2022-46650

Exploit
Acemanager in ALEOS before version 4.16 allows a user with valid credentials to reconfigure the device to expose the ACEManager credentials on the pre-login status page.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SierrawirelessAleos Version <= 4.9.7
   SierrawirelessEs450 Version-
   SierrawirelessGx450 Version-
SierrawirelessAleos Version <= 4.16.0
   SierrawirelessLx40 Version-
   SierrawirelessLx60 Version-
   SierrawirelessMp70 Version-
   SierrawirelessRv50 Version-
   SierrawirelessRv50x Version-
   SierrawirelessRv55 Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 12.28% 0.957
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.9 1.2 3.6
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0 4.9 1.2 3.6
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-001/
Vendor Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-04
Third Party Advisory
US Government Resource
https://www.otorio.com/blog/airlink-acemanager-vulnerabilities/
Third Party Advisory
Exploit