CVE-2023-40463

Summary

When configured in debugging mode by an authenticated user with

administrative privileges, ALEOS 4.16 and earlier store the SHA512

hash of the common root password for that version in a directory

accessible to a user with root privileges or equivalent access.

Affected Software

VendorProductVersion RangeStatus
SierraWirelessALEOS4.10 <= 4.16affected
SierraWirelessALEOS0 <= 4.9.8affected

Weaknesses

  • CWE-798: CWE-798 Use of Hard-coded Credentials

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References