CVE-2023-40462

Summary

The ACEManager component of ALEOS 4.16 and earlier does not

perform input sanitization during authentication, which could

potentially result in a Denial of Service (DoS) condition for

ACEManager without impairing other router functions. ACEManager

recovers from the DoS condition by restarting within ten seconds of

becoming unavailable.

Affected Software

VendorProductVersion RangeStatus
SierraWirelessALEOS4.10 <= 4.16affected
SierraWirelessALEOS0 <= 4.9.8affected

Weaknesses

  • CWE-617: CWE-617 Reachable Assertion

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References