Vulnerability Description
The ACEManager component of ALEOS 4.16 and earlier does not perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by restarting within ten seconds of becoming unavailable.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sierrawireless | Aleos | <= 4.16.0 |
| Sierrawireless | Es450 | - |
| Sierrawireless | Gx450 | - |
| Sierrawireless | Lx40 | - |
| Sierrawireless | Lx60 | - |
| Sierrawireless | Mp70 | - |
| Sierrawireless | Rv50X | - |
| Sierrawireless | Rv55 | - |
| Debian | Debian Linux | 10.0 |
Related Weaknesses (CWE)
References
- https://lists.debian.org/debian-lts-announce/2023/12/msg00024.htmlMailing ListThird Party Advisory
- https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-tVendor Advisory
- https://lists.debian.org/debian-lts-announce/2023/12/msg00024.htmlMailing ListThird Party Advisory
- https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-tVendor Advisory
FAQ
What is CVE-2023-40462?
CVE-2023-40462 is a vulnerability with a CVSS score of 7.5 (HIGH). The ACEManager component of ALEOS 4.16 and earlier does not perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for ACEMana...
How severe is CVE-2023-40462?
CVE-2023-40462 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-40462?
Check the references section above for vendor advisories and patch information. Affected products include: Sierrawireless Aleos, Sierrawireless Es450, Sierrawireless Gx450, Sierrawireless Lx40, Sierrawireless Lx60.