CVE-2023-40463

EPSS 0.02%
Veröffentlicht 04.12.2023 23:15:25
Zuletzt bearbeitet 21.11.2024 08:19:31
Quelle security@sierrawireless.com
CVE-Watchlists
Login
Unerledigt
Login

Use of Hard-Coded Credentials










When configured in
debugging mode by an authenticated user with



administrative
privileges, ALEOS 4.16 and earlier store the SHA512



hash of the common
root password for that version in a directory



accessible to a user
with root privileges or equivalent access.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sierrawireless ≫ Aleos Version <= 4.16.0

   Sierrawireless ≫ Es450 Version-
   Sierrawireless ≫ Gx450 Version-
   Sierrawireless ≫ Lx40 Version-
   Sierrawireless ≫ Lx60 Version-
   Sierrawireless ≫ Mp70 Version-
   Sierrawireless ≫ Rv50x Version-
   Sierrawireless ≫ Rv55 Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.024

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
security@sierrawireless.com	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-40463

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-40463

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-40463

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-40463