Vulnerability Description
The ACEManager component of ALEOS 4.16 and earlier does not adequately perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by restarting within ten seconds of becoming unavailable.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sierrawireless | Aleos | <= 4.16.0 |
| Sierrawireless | Es450 | - |
| Sierrawireless | Gx450 | - |
| Sierrawireless | Lx40 | - |
| Sierrawireless | Lx60 | - |
| Sierrawireless | Mp70 | - |
| Sierrawireless | Rv50X | - |
| Sierrawireless | Rv55 | - |
Related Weaknesses (CWE)
References
- https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-tVendor Advisory
- https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-tVendor Advisory
FAQ
What is CVE-2023-40459?
CVE-2023-40459 is a vulnerability with a CVSS score of 7.5 (HIGH). The ACEManager component of ALEOS 4.16 and earlier does not adequately perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition ...
How severe is CVE-2023-40459?
CVE-2023-40459 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-40459?
Check the references section above for vendor advisories and patch information. Affected products include: Sierrawireless Aleos, Sierrawireless Es450, Sierrawireless Gx450, Sierrawireless Lx40, Sierrawireless Lx60.