{ "id": "CVE-2023-40462", "sourceIdentifier": "security@sierrawireless.com", "published": "2023-12-04T23:15:25.603", "lastModified": "2025-02-13T17:17:04.023", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The ACEManager\ncomponent of ALEOS 4.16 and earlier does not\n\n\n\nperform input\nsanitization during authentication, which could\n\n\n\npotentially result\nin a Denial of Service (DoS) condition for\n\n\n\nACEManager without\nimpairing other router functions. ACEManager\n\n\n\nrecovers from the\nDoS condition by restarting within ten seconds of\n\n\n\nbecoming\nunavailable." }, { "lang": "es", "value": "El componente ACEManager de ALEOS 4.16 y versiones anteriores no realiza sanitizaci\u00f3n de entrada durante la autenticaci\u00f3n, lo que podr\u00eda resultar en una condici\u00f3n de denegaci\u00f3n de servicio (DoS) para ACEManager sin afectar otras funciones del router. ACEManager se recupera de la condici\u00f3n DoS reinici\u00e1ndose dentro de los diez segundos posteriores a que no est\u00e9 disponible." } ], "metrics": { "cvssMetricV31": [ { "source": "security@sierrawireless.com", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 3.6 }, { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } ] }, "weaknesses": [ { "source": "security@sierrawireless.com", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-617" } ] }, { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-617" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:*", "versionEndIncluding": "4.16.0", "matchCriteriaId": "45265DDA-E10F-49D0-B2C6-FC123C42E5AE" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:sierrawireless:es450:-:*:*:*:*:*:*:*", "matchCriteriaId": "524DF1AE-21F2-4AA6-99E7-6F98304FF845" }, { "vulnerable": false, "criteria": "cpe:2.3:h:sierrawireless:gx450:-:*:*:*:*:*:*:*", "matchCriteriaId": "2C12CF71-FE0E-44EA-9F2E-7CFB42E7C216" }, { "vulnerable": false, "criteria": "cpe:2.3:h:sierrawireless:lx40:-:*:*:*:*:*:*:*", "matchCriteriaId": "069DD303-C100-4FAF-BD6B-4EE61CBDE9F7" }, { "vulnerable": false, "criteria": "cpe:2.3:h:sierrawireless:lx60:-:*:*:*:*:*:*:*", "matchCriteriaId": "2A3B7B3D-1594-434B-8E22-01C67DF54F16" }, { "vulnerable": false, "criteria": "cpe:2.3:h:sierrawireless:mp70:-:*:*:*:*:*:*:*", "matchCriteriaId": "007D4629-4BE2-4C7A-AC8B-E87739E22D12" }, { "vulnerable": false, "criteria": "cpe:2.3:h:sierrawireless:rv50x:-:*:*:*:*:*:*:*", "matchCriteriaId": "61D3EF27-E823-4E49-BD58-D050EB02D294" }, { "vulnerable": false, "criteria": "cpe:2.3:h:sierrawireless:rv55:-:*:*:*:*:*:*:*", "matchCriteriaId": "215BD4AB-8EFD-4F82-ABE4-E7F81AD528C2" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" } ] } ] } ], "references": [ { "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00024.html", "source": "security@sierrawireless.com", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs", "source": "security@sierrawireless.com", "tags": [ "Vendor Advisory" ] }, { "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00024.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] } ] }