HIGH🇬🇧 English

CVE-2023-40459

CVSS 7.5v3.1pub. 2023-12-04upd. 2024-11-21

The ACEManager component of ALEOS 4.16 and earlier does not adequately perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by restarting within ten seconds of becoming unavailable.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Sierrawireless Aleos

    OS
    Sierrawireless
    ≤ 4.16.0
  • Sierrawireless Es450

    HW
    Sierrawireless
    wszystkie wersje
  • Sierrawireless Gx450

    HW
    Sierrawireless
    wszystkie wersje
  • Sierrawireless Lx40

    HW
    Sierrawireless
    wszystkie wersje
  • Sierrawireless Lx60

    HW
    Sierrawireless
    wszystkie wersje
  • Sierrawireless Mp70

    HW
    Sierrawireless
    wszystkie wersje
  • Sierrawireless Rv50x

    HW
    Sierrawireless
    wszystkie wersje
  • Sierrawireless Rv55

    HW
    Sierrawireless
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
DoS
CWE
Referencje

Powiązane podatności

CVE-2019-11851CRITICAL9.8ten sam produkt

The ACENet service in Sierra Wireless ALEOS before 4.4.9, 4.5.x through 4.9.x before 4.9.5, and 4.10.x through...

CVE-2019-11857CRITICAL9.1ten sam produkt

Lack of input sanitization in AceManager of ALEOS before 4.12.0, 4.9.5 and 4.4.9 allows disclosure of sensitiv...

CVE-2018-10251CRITICAL9.8ten sam produkt

A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.7 a...

CVE-2018-4063HIGH8.8⚠ KEVten sam produkt

An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless A...

CVE-2023-38321HIGH7.5ten sam produkt

OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other products, allows remote attackers to caus...