7.1
CVE-2023-40460
- EPSS 0%
- Published 04.12.2023 23:15:25
- Last modified 21.11.2024 08:19:30
- Source security@sierrawireless.com
Improper input leads to DoS
The ACEManager component of ALEOS 4.16 and earlier does not validate uploaded file names and types, which could potentially allow an authenticated user to perform client-side script execution within ACEManager, altering the device functionality until the device is restarted.
Data provided by the National Vulnerability Database (NVD)
Sierrawireless ≫ Aleos Version <= 4.16.0
Sierrawireless ≫ Es450 Version-
Sierrawireless ≫ Gx450 Version-
Sierrawireless ≫ Lx40 Version-
Sierrawireless ≫ Lx60 Version-
Sierrawireless ≫ Mp70 Version-
Sierrawireless ≫ Rv50x Version-
Sierrawireless ≫ Rv55 Version-
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0% | 0.002 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.3 | 2.7 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| security@sierrawireless.com | 7.1 | 2.8 | 4.2 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L |
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.