CVE-2023-40462

EPSS 0.01%
Published 04.12.2023 23:15:25
Last modified 13.02.2025 17:17:04
Source security@sierrawireless.com
Teams watchlist Login
Open Login

The ACEManager
component of ALEOS 4.16 and earlier does not



perform input
sanitization during authentication, which could



potentially result
in a Denial of Service (DoS) condition for



ACEManager without
impairing other router functions. ACEManager



recovers from the
DoS condition by restarting within ten seconds of



becoming
unavailable.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Sierrawireless ≫ Aleos Version <= 4.16.0

   Sierrawireless ≫ Es450 Version-
   Sierrawireless ≫ Gx450 Version-
   Sierrawireless ≫ Lx40 Version-
   Sierrawireless ≫ Lx60 Version-
   Sierrawireless ≫ Mp70 Version-
   Sierrawireless ≫ Rv50x Version-
   Sierrawireless ≫ Rv55 Version-

Debian ≫ Debian Linux Version10.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.01%	0.01

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
security@sierrawireless.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs

Vendor Advisory

https://lists.debian.org/debian-lts-announce/2023/12/msg00024.html

Third Party Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2023-40462

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-40462

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-40462

EUVD