CVE-2023-40462

The ACEManager component of ALEOS 4.16 and earlier does not perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by restarting within ten seconds of becoming unavailable.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:*
OR cpe:2.3:h:sierrawireless:es450:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:gx450:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:lx40:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:lx60:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:mp70:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:rv50x:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:rv55:-:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

History

21 Nov 2024, 08:19

Type Values Removed Values Added
References () https://lists.debian.org/debian-lts-announce/2023/12/msg00024.html - Mailing List, Third Party Advisory () https://lists.debian.org/debian-lts-announce/2023/12/msg00024.html - Mailing List, Third Party Advisory
References () https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs - Vendor Advisory () https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs - Vendor Advisory

02 Feb 2024, 03:12

Type Values Removed Values Added
References () https://lists.debian.org/debian-lts-announce/2023/12/msg00024.html - () https://lists.debian.org/debian-lts-announce/2023/12/msg00024.html - Mailing List, Third Party Advisory
CPE cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
First Time Debian
Debian debian Linux

31 Dec 2023, 00:15

Type Values Removed Values Added
First Time Sierrawireless lx40
Sierrawireless rv50x
Sierrawireless gx450
Sierrawireless es450
Sierrawireless
Sierrawireless mp70
Sierrawireless lx60
Sierrawireless rv55
Sierrawireless aleos
CPE cpe:2.3:h:sierrawireless:lx60:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:mp70:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:rv55:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:gx450:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:lx40:-:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:rv50x:-:*:*:*:*:*:*:*
cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:*
cpe:2.3:h:sierrawireless:es450:-:*:*:*:*:*:*:*
CWE CWE-617
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
References
  • () https://lists.debian.org/debian-lts-announce/2023/12/msg00024.html -
References () https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs - () https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs - Vendor Advisory

04 Dec 2023, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-04 23:15

Updated : 2024-11-21 08:19


NVD link : CVE-2023-40462

Mitre link : CVE-2023-40462

CVE.ORG link : CVE-2023-40462


JSON object : View

Products Affected

sierrawireless

  • gx450
  • rv55
  • aleos
  • rv50x
  • lx60
  • lx40
  • es450
  • mp70

debian

  • debian_linux
CWE
CWE-617

Reachable Assertion