CVE-2023-40463

EPSS 0.02%
Veröffentlicht 04.12.2023 23:15:25
Zuletzt bearbeitet 21.11.2024 08:19:31
Quelle security@sierrawireless.com
CVE-Watchlists
Login
Unerledigt
Login










When configured in
debugging mode by an authenticated user with



administrative
privileges, ALEOS 4.16 and earlier store the SHA512



hash of the common
root password for that version in a directory



accessible to a user
with root privileges or equivalent access.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sierrawireless ≫ Aleos Version <= 4.16.0

   Sierrawireless ≫ Es450 Version-
   Sierrawireless ≫ Gx450 Version-
   Sierrawireless ≫ Lx40 Version-
   Sierrawireless ≫ Lx60 Version-
   Sierrawireless ≫ Mp70 Version-
   Sierrawireless ≫ Rv50x Version-
   Sierrawireless ≫ Rv55 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.024

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
security@sierrawireless.com	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-40463

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-40463

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-40463

EUVD