CVE-2022-46649

Acemanager in ALEOS before version 4.16 allows a user with valid credentials to manipulate the IP logging operation to execute arbitrary shell commands on the device.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:*
OR cpe:2.3:h:sierrawireless:es450:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:gx450:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:*
OR cpe:2.3:h:sierrawireless:lx40:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:lx60:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:mp70:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:rv50:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:rv50x:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:rv55:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-02-10 18:15

Updated : 2024-02-28 19:51


NVD link : CVE-2022-46649

Mitre link : CVE-2022-46649

CVE.ORG link : CVE-2022-46649


JSON object : View

Products Affected

sierrawireless

  • rv50x
  • lx40
  • mp70
  • rv50
  • rv55
  • es450
  • gx450
  • lx60
  • aleos
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')