cve/2023/CVE-2023-40459.md

### [CVE-2023-40459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40459)
![](https://img.shields.io/static/v1?label=Product&message=ALEOS&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=4.10%3C%3D%204.16%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-476%20NULL%20Pointer%20Dereference&color=brighgreen)

### Description

TheACEManager component of ALEOS 4.16 and earlier does not adequately performinput sanitization during authentication, which could potentially result in aDenial of Service (DoS) condition for ACEManager without impairing other routerfunctions. ACEManager recovers from the DoS condition by restarting within tenseconds of becoming unavailable.

### POC

#### Reference
- https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs

#### Github
- https://github.com/majidmc2/CVE-2023-40459
- https://github.com/nomi-sec/PoC-in-GitHub