CVE-2022-46649

Acemanager in ALEOS before version 4.16 allows a user with valid credentials to manipulate the IP logging operation to execute arbitrary shell commands on the device.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:*
OR cpe:2.3:h:sierrawireless:es450:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:gx450:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:*
OR cpe:2.3:h:sierrawireless:lx40:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:lx60:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:mp70:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:rv50:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:rv50x:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:rv55:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:30

Type Values Removed Values Added
References () https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-001/ - Vendor Advisory () https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-001/ - Vendor Advisory
References () https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-04 - Third Party Advisory, US Government Resource () https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-04 - Third Party Advisory, US Government Resource
References () https://www.otorio.com/blog/airlink-acemanager-vulnerabilities/ - Exploit, Third Party Advisory () https://www.otorio.com/blog/airlink-acemanager-vulnerabilities/ - Exploit, Third Party Advisory

Information

Published : 2023-02-10 18:15

Updated : 2024-11-21 07:30


NVD link : CVE-2022-46649

Mitre link : CVE-2022-46649

CVE.ORG link : CVE-2022-46649


JSON object : View

Products Affected

sierrawireless

  • gx450
  • rv55
  • aleos
  • rv50
  • rv50x
  • lx60
  • lx40
  • es450
  • mp70
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')