CVE-2023-40462

The ACEManager
component of ALEOS 4.16 and earlier does not



perform input
sanitization during authentication, which could



potentially result
in a Denial of Service (DoS) condition for



ACEManager without
impairing other router functions. ACEManager



recovers from the
DoS condition by restarting within ten seconds of



becoming
unavailable.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
SWICNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 1%
VendorProductVersion
sierrawirelessaleos
𝑥
≤ 4.16.0
debiandebian_linux
10.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://lists.debian.org/debian-lts-announce/2023/12/msg00024.html
https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs
https://lists.debian.org/debian-lts-announce/2023/12/msg00024.html
https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs