CVE-2023-40464

Summary

Several versions of ALEOS, including ALEOS 4.16.0, use a hardcoded

SSL certificate and private key. An attacker with access to these items

could potentially perform a man in the middle attack between the

ACEManager client and ACEManager server.

Affected Software

VendorProductVersion RangeStatus
SierraWirelessALEOS4.10 <= 4.16affected
SierraWirelessALEOS0 <= 4.9.8affected

Weaknesses

  • CWE-321: CWE-321

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References