admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2023/CVE-2023-40459.md

19 lines
1012 B
Markdown
Raw Normal View History

Update Sat May 25 21:48:12 CEST 2024
2024-05-25 21:48:12 +02:00
### [CVE-2023-40459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40459)
![](https://img.shields.io/static/v1?label=Product&message=ALEOS&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=4.10%3C%3D%204.16%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-476%20NULL%20Pointer%20Dereference&color=brighgreen)
### Description
TheACEManager component of ALEOS 4.16 and earlier does not adequately performinput sanitization during authentication, which could potentially result in aDenial of Service (DoS) condition for ACEManager without impairing other routerfunctions. ACEManager recovers from the DoS condition by restarting within tenseconds of becoming unavailable.
### POC
#### Reference
- https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs
#### Github
- https://github.com/majidmc2/CVE-2023-40459
- https://github.com/nomi-sec/PoC-in-GitHub
Reference in New Issue Copy Permalink