Search criteria
56 vulnerabilities
CVE-2023-31280 (GCVE-0-2023-31280)
Vulnerability from cvelistv5 – Published: 2024-12-20 23:41 – Updated: 2024-12-24 00:39
VLAI?
Summary
An AirVantage online Warranty Checker tool vulnerability could allow an attacker to
perform bulk enumeration of IMEI and Serial Numbers pairs. The AirVantage Warranty Checker is updated to no longer return the IMEI and Serial
Number in addition to the warranty status when the Serial Number or IMEI is used to look up
warranty status.
Severity ?
5.3 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Sierra Wireless | AirVantage, AirVantage-Capable Devices: All Sierra Wireless devices. |
Affected:
All Sierra Wireless devices.
(Custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31280",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-24T00:35:33.762558Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-24T00:39:59.493Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AirVantage, AirVantage-Capable Devices: All Sierra Wireless devices.",
"vendor": "Sierra Wireless",
"versions": [
{
"status": "affected",
"version": "All Sierra Wireless devices.",
"versionType": "Custom"
}
]
}
],
"datePublic": "2023-05-12T22:28:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An AirVantage online Warranty Checker tool vulnerability could allow an attacker to \nperform bulk enumeration of IMEI and Serial Numbers pairs. The AirVantage Warranty Checker is updated to no longer return the IMEI and Serial \nNumber in addition to the warranty status when the Serial Number or IMEI is used to look up \nwarranty status."
}
],
"value": "An AirVantage online Warranty Checker tool vulnerability could allow an attacker to \nperform bulk enumeration of IMEI and Serial Numbers pairs. The AirVantage Warranty Checker is updated to no longer return the IMEI and Serial \nNumber in addition to the warranty status when the Serial Number or IMEI is used to look up \nwarranty status."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Availability of IMEI and Serial Numbers pairs."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-20T23:41:22.070Z",
"orgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"shortName": "SWI"
},
"references": [
{
"url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-002/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Exposure of Sensitive Information to an Unauthorized Actor",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"assignerShortName": "SWI",
"cveId": "CVE-2023-31280",
"datePublished": "2024-12-20T23:41:22.070Z",
"dateReserved": "2023-04-26T19:52:55.324Z",
"dateUpdated": "2024-12-24T00:39:59.493Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31279 (GCVE-0-2023-31279)
Vulnerability from cvelistv5 – Published: 2024-12-20 23:35 – Updated: 2024-12-24 00:40
VLAI?
Summary
The AirVantage platform is vulnerable to an unauthorized attacker registering previously unregistered
devices on the AirVantage platform when the owner has not disabled the AirVantage Management
Service on the devices or registered the device. This could enable an attacker to configure, manage,
and execute AT commands on an unsuspecting user’s devices.
Severity ?
8.1 (High)
CWE
- CWE-287 - Improper Authentication
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Sierra Wireless | AirVantage, AirVantage-Capable Devices: All Sierra Wireless devices. |
Affected:
Devices not registered in AirVantage with the AirVantage Management Service enabled.
(Custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31279",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-24T00:31:19.780950Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-24T00:40:07.676Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AirVantage, AirVantage-Capable Devices: All Sierra Wireless devices.",
"vendor": "Sierra Wireless",
"versions": [
{
"status": "affected",
"version": "Devices not registered in AirVantage with the AirVantage Management Service enabled.",
"versionType": "Custom"
}
]
}
],
"datePublic": "2023-05-12T22:28:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The AirVantage platform is vulnerable to an unauthorized attacker registering previously unregistered \ndevices on the AirVantage platform when the owner has not disabled the AirVantage Management \nService on the devices or registered the device. This could enable an attacker to configure, manage, \nand execute AT commands on an unsuspecting user\u2019s devices."
}
],
"value": "The AirVantage platform is vulnerable to an unauthorized attacker registering previously unregistered \ndevices on the AirVantage platform when the owner has not disabled the AirVantage Management \nService on the devices or registered the device. This could enable an attacker to configure, manage, \nand execute AT commands on an unsuspecting user\u2019s devices."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Configure, manage, and execute AT commands on an unsuspecting user\u2019s devices."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-20T23:35:29.797Z",
"orgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"shortName": "SWI"
},
"references": [
{
"url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-002/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Authentication",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"assignerShortName": "SWI",
"cveId": "CVE-2023-31279",
"datePublished": "2024-12-20T23:35:29.797Z",
"dateReserved": "2023-04-26T19:52:55.324Z",
"dateUpdated": "2024-12-24T00:40:07.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13712 (GCVE-0-2020-13712)
Vulnerability from cvelistv5 – Published: 2024-12-20 21:37 – Updated: 2024-12-26 19:29
VLAI?
Summary
A command injection is possible through the user interface, allowing arbitrary command execution as
the root user. oMG2000 running MGOS 3.15.1 or earlier is affected.
MG90 running MGOS 4.2.1 or earlier is affected.
Severity ?
7.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Sierra Wireless | MGOS |
Affected:
all versions before 3.15.1
(Custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-13712",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-26T19:28:59.870255Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-26T19:29:55.387Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"oMG2000"
],
"product": "MGOS",
"vendor": "Sierra Wireless",
"versions": [
{
"status": "affected",
"version": "all versions before 3.15.1",
"versionType": "Custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"MG90"
],
"product": "MGOS",
"vendor": "Sierra Wireless",
"versions": [
{
"status": "affected",
"version": "all versions before 4.2.1",
"versionType": "Custom"
}
]
}
],
"datePublic": "2020-11-19T21:36:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\nA command injection is possible through the user interface, allowing arbitrary command execution as \nthe root user. oMG2000 running MGOS 3.15.1 or earlier is affected.\u0026nbsp;\n\nMG90 running MGOS 4.2.1 or earlier is affected.\u003c/p\u003e"
}
],
"value": "A command injection is possible through the user interface, allowing arbitrary command execution as \nthe root user. oMG2000 running MGOS 3.15.1 or earlier is affected.\u00a0\n\nMG90 running MGOS 4.2.1 or earlier is affected."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Command Injection"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-20T21:37:35.021Z",
"orgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"shortName": "SWI"
},
"references": [
{
"url": "https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2020-006---mgos-security-update.ashx"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "MGOS Command Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"assignerShortName": "SWI",
"cveId": "CVE-2020-13712",
"datePublished": "2024-12-20T21:37:35.021Z",
"dateReserved": "2020-06-01T00:00:00.000Z",
"dateUpdated": "2024-12-26T19:29:55.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40465 (GCVE-0-2023-40465)
Vulnerability from cvelistv5 – Published: 2023-12-04 23:02 – Updated: 2024-08-02 18:31
VLAI?
Summary
Several versions of
ALEOS, including ALEOS 4.16.0, include an opensource
third-party
component which can be exploited from the local
area network,
resulting in a Denial of Service condition for the captive portal.
Severity ?
8.3 (High)
4.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SierraWireless | ALEOS |
Affected:
4.10 , ≤ 4.16
(Custom)
Affected: 0 , ≤ 4.9.8 (Custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:31:53.825Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ALEOS",
"vendor": "SierraWireless",
"versions": [
{
"lessThanOrEqual": "4.16",
"status": "affected",
"version": "4.10",
"versionType": "Custom"
},
{
"lessThanOrEqual": "4.9.8",
"status": "affected",
"version": "0",
"versionType": "Custom"
}
]
}
],
"datePublic": "2023-11-28T18:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\n\n\n\n\n\n\n\n\u003cp\u003eSeveral versions of\nALEOS, including ALEOS 4.16.0, include an opensource\u003c/p\u003e\n\n\u003cp\u003ethird-party\ncomponent which can be exploited from the local\u003c/p\u003e\n\n\u003cp\u003earea network,\nresulting in a Denial of Service condition for the captive portal.\u003c/p\u003e\n\n\n\n\n\n"
}
],
"value": "\n\n\n\n\n\n\n\n\n\nSeveral versions of\nALEOS, including ALEOS 4.16.0, include an opensource\n\n\n\nthird-party\ncomponent which can be exploited from the local\n\n\n\narea network,\nresulting in a Denial of Service condition for the captive portal.\n\n\n\n\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Remote-Code Execution"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Denial of Service"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-04T23:02:04.103Z",
"orgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"shortName": "SWI"
},
"references": [
{
"url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper input leads to DoS",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"assignerShortName": "SWI",
"cveId": "CVE-2023-40465",
"datePublished": "2023-12-04T23:02:04.103Z",
"dateReserved": "2023-08-14T20:59:20.798Z",
"dateUpdated": "2024-08-02T18:31:53.825Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40464 (GCVE-0-2023-40464)
Vulnerability from cvelistv5 – Published: 2023-12-04 22:59 – Updated: 2024-08-02 18:31
VLAI?
Summary
Several versions of
ALEOS, including ALEOS 4.16.0, use a hardcoded
SSL certificate and
private key. An attacker with access to these items
could potentially
perform a man in the middle attack between the
ACEManager client
and ACEManager server.
Severity ?
8.1 (High)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SierraWireless | ALEOS |
Affected:
4.10 , ≤ 4.16
(Custom)
Affected: 0 , ≤ 4.9.8 (Custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:31:54.059Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ALEOS",
"vendor": "SierraWireless",
"versions": [
{
"lessThanOrEqual": "4.16",
"status": "affected",
"version": "4.10",
"versionType": "Custom"
},
{
"lessThanOrEqual": "4.9.8",
"status": "affected",
"version": "0",
"versionType": "Custom"
}
]
}
],
"datePublic": "2023-11-28T18:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\n\n\n\n\n\n\n\n\u003cp\u003eSeveral versions of\nALEOS, including ALEOS 4.16.0, use a hardcoded\u003c/p\u003e\n\n\u003cp\u003eSSL certificate and\nprivate key. An attacker with access to these items\u003c/p\u003e\n\n\u003cp\u003ecould potentially\nperform a man in the middle attack between the\u003c/p\u003e\n\n\u003cp\u003eACEManager client\nand ACEManager server.\u003c/p\u003e\n\n\n\n\n\n"
}
],
"value": "\n\n\n\n\n\n\n\n\n\nSeveral versions of\nALEOS, including ALEOS 4.16.0, use a hardcoded\n\n\n\nSSL certificate and\nprivate key. An attacker with access to these items\n\n\n\ncould potentially\nperform a man in the middle attack between the\n\n\n\nACEManager client\nand ACEManager server.\n\n\n\n\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-191",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-191 Read Sensitive Strings Within an Executable"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-04T22:59:33.449Z",
"orgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"shortName": "SWI"
},
"references": [
{
"url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Use of hardcoded certificate and private key",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"assignerShortName": "SWI",
"cveId": "CVE-2023-40464",
"datePublished": "2023-12-04T22:59:33.449Z",
"dateReserved": "2023-08-14T20:59:20.798Z",
"dateUpdated": "2024-08-02T18:31:54.059Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40463 (GCVE-0-2023-40463)
Vulnerability from cvelistv5 – Published: 2023-12-04 22:57 – Updated: 2025-05-29 13:43
VLAI?
Summary
When configured in
debugging mode by an authenticated user with
administrative
privileges, ALEOS 4.16 and earlier store the SHA512
hash of the common
root password for that version in a directory
accessible to a user
with root privileges or equivalent access.
Severity ?
8.1 (High)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SierraWireless | ALEOS |
Affected:
4.10 , ≤ 4.16
(Custom)
Affected: 0 , ≤ 4.9.8 (Custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:31:53.894Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40463",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-23T05:01:11.849107Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-29T13:43:19.838Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ALEOS",
"vendor": "SierraWireless",
"versions": [
{
"lessThanOrEqual": "4.16",
"status": "affected",
"version": "4.10",
"versionType": "Custom"
},
{
"lessThanOrEqual": "4.9.8",
"status": "affected",
"version": "0",
"versionType": "Custom"
}
]
}
],
"datePublic": "2023-11-28T18:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\n\n\n\n\n\n\n\n\u003cp\u003eWhen configured in\ndebugging mode by an authenticated user with\u003c/p\u003e\n\n\u003cp\u003eadministrative\nprivileges, ALEOS 4.16 and earlier store the SHA512\u003c/p\u003e\n\n\u003cp\u003ehash of the common\nroot password for that version in a directory\u003c/p\u003e\n\n\u003cp\u003eaccessible to a user\nwith root privileges or equivalent access.\u003c/p\u003e\n\n\n\n\n\n"
}
],
"value": "\n\n\n\n\n\n\n\n\n\nWhen configured in\ndebugging mode by an authenticated user with\n\n\n\nadministrative\nprivileges, ALEOS 4.16 and earlier store the SHA512\n\n\n\nhash of the common\nroot password for that version in a directory\n\n\n\naccessible to a user\nwith root privileges or equivalent access.\n\n\n\n\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-191",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-191 Read Sensitive Strings Within an Executable"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-04T22:57:41.197Z",
"orgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"shortName": "SWI"
},
"references": [
{
"url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Use of Hard-Coded Credentials",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"assignerShortName": "SWI",
"cveId": "CVE-2023-40463",
"datePublished": "2023-12-04T22:57:41.197Z",
"dateReserved": "2023-08-14T20:59:20.798Z",
"dateUpdated": "2025-05-29T13:43:19.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40462 (GCVE-0-2023-40462)
Vulnerability from cvelistv5 – Published: 2023-12-04 22:53 – Updated: 2025-02-13 17:08
VLAI?
Summary
The ACEManager
component of ALEOS 4.16 and earlier does not
perform input
sanitization during authentication, which could
potentially result
in a Denial of Service (DoS) condition for
ACEManager without
impairing other router functions. ACEManager
recovers from the
DoS condition by restarting within ten seconds of
becoming
unavailable.
Severity ?
7.5 (High)
CWE
- CWE-617 - Reachable Assertion
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SierraWireless | ALEOS |
Affected:
4.10 , ≤ 4.16
(Custom)
Affected: 0 , ≤ 4.9.8 (Custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:31:53.985Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00024.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40462",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T17:28:33.874071Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T17:38:28.759Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ALEOS",
"vendor": "SierraWireless",
"versions": [
{
"lessThanOrEqual": "4.16",
"status": "affected",
"version": "4.10",
"versionType": "Custom"
},
{
"lessThanOrEqual": "4.9.8",
"status": "affected",
"version": "0",
"versionType": "Custom"
}
]
}
],
"datePublic": "2023-11-28T18:08:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe ACEManager\ncomponent of ALEOS 4.16 and earlier does not\u003c/p\u003e\n\n\u003cp\u003eperform input\nsanitization during authentication, which could\u003c/p\u003e\n\n\u003cp\u003epotentially result\nin a Denial of Service (DoS) condition for\u003c/p\u003e\n\n\u003cp\u003eACEManager without\nimpairing other router functions. ACEManager\u003c/p\u003e\n\n\u003cp\u003erecovers from the\nDoS condition by restarting within ten seconds of\u003c/p\u003e\n\n\u003cp\u003ebecoming\nunavailable.\u003c/p\u003e"
}
],
"value": "The ACEManager\ncomponent of ALEOS 4.16 and earlier does not\n\n\n\nperform input\nsanitization during authentication, which could\n\n\n\npotentially result\nin a Denial of Service (DoS) condition for\n\n\n\nACEManager without\nimpairing other router functions. ACEManager\n\n\n\nrecovers from the\nDoS condition by restarting within ten seconds of\n\n\n\nbecoming\nunavailable."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "CWE-617 Reachable Assertion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-31T00:06:18.222Z",
"orgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"shortName": "SWI"
},
"references": [
{
"url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00024.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper input leads to DoS",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"assignerShortName": "SWI",
"cveId": "CVE-2023-40462",
"datePublished": "2023-12-04T22:53:59.402Z",
"dateReserved": "2023-08-14T20:59:20.798Z",
"dateUpdated": "2025-02-13T17:08:24.772Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40461 (GCVE-0-2023-40461)
Vulnerability from cvelistv5 – Published: 2023-12-04 22:52 – Updated: 2024-08-02 18:31
VLAI?
Summary
The ACEManager
component of ALEOS 4.16 and earlier allows an
authenticated user
with Administrator privileges to access a file
upload field which
does not fully validate the file name, creating a
Stored Cross-Site
Scripting condition.
Severity ?
8.1 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SierraWireless | ALEOS |
Affected:
4.10 , ≤ 4.16
(Custom)
Affected: 0 , ≤ 4.9.8 (Custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:31:53.903Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ALEOS",
"vendor": "SierraWireless",
"versions": [
{
"lessThanOrEqual": "4.16",
"status": "affected",
"version": "4.10",
"versionType": "Custom"
},
{
"lessThanOrEqual": "4.9.8",
"status": "affected",
"version": "0",
"versionType": "Custom"
}
]
}
],
"datePublic": "2023-11-28T18:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\n\n\n\n\n\n\n\n\u003cp\u003eThe ACEManager\ncomponent of ALEOS 4.16 and earlier allows an\u003c/p\u003e\n\n\u003cp\u003eauthenticated user\nwith Administrator privileges to access a file\u003c/p\u003e\n\n\u003cp\u003eupload field which\ndoes not fully validate the file name, creating a\u003c/p\u003e\n\n\u003cp\u003eStored Cross-Site\nScripting condition.\u003c/p\u003e\n\n\n\n\n\n"
}
],
"value": "\n\n\n\n\n\n\n\n\n\nThe ACEManager\ncomponent of ALEOS 4.16 and earlier allows an\n\n\n\nauthenticated user\nwith Administrator privileges to access a file\n\n\n\nupload field which\ndoes not fully validate the file name, creating a\n\n\n\nStored Cross-Site\nScripting condition.\n\n\n\n\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-04T22:52:13.650Z",
"orgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"shortName": "SWI"
},
"references": [
{
"url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Cross-site scripting vulnerability in ACEManager",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"assignerShortName": "SWI",
"cveId": "CVE-2023-40461",
"datePublished": "2023-12-04T22:52:13.650Z",
"dateReserved": "2023-08-14T20:59:20.798Z",
"dateUpdated": "2024-08-02T18:31:53.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40460 (GCVE-0-2023-40460)
Vulnerability from cvelistv5 – Published: 2023-12-04 22:50 – Updated: 2024-08-02 18:31
VLAI?
Summary
The ACEManager
component of ALEOS 4.16 and earlier does not
validate uploaded
file names and types, which could potentially allow
an authenticated
user to perform client-side script execution within
ACEManager, altering
the device functionality until the device is
restarted.
Severity ?
7.1 (High)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SierraWireless | ALEOS |
Affected:
4.10 , ≤ 4.16
(Custom)
Affected: 0 , ≤ 4.9.8 (Custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:31:53.807Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.5ZcnyPM1.dpbs"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ALEOS",
"vendor": "SierraWireless",
"versions": [
{
"lessThanOrEqual": "4.16",
"status": "affected",
"version": "4.10",
"versionType": "Custom"
},
{
"lessThanOrEqual": "4.9.8",
"status": "affected",
"version": "0",
"versionType": "Custom"
}
]
}
],
"datePublic": "2023-11-28T18:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\n\n\n\n\n\n\n\n\u003cp\u003eThe ACEManager\ncomponent of ALEOS 4.16 and earlier does not\u003c/p\u003e\n\n\u003cp\u003evalidate uploaded\nfile names and types, which could potentially allow\u003c/p\u003e\n\n\u003cp\u003ean authenticated\nuser to perform client-side script execution within\u003c/p\u003e\n\n\u003cp\u003eACEManager, altering\nthe device functionality until the device is\u003c/p\u003e\n\n\u003cp\u003erestarted.\u003c/p\u003e\n\n\n\n\n\n"
}
],
"value": "\n\n\n\n\n\n\n\n\n\nThe ACEManager\ncomponent of ALEOS 4.16 and earlier does not\n\n\n\nvalidate uploaded\nfile names and types, which could potentially allow\n\n\n\nan authenticated\nuser to perform client-side script execution within\n\n\n\nACEManager, altering\nthe device functionality until the device is\n\n\n\nrestarted.\n\n\n\n\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-04T22:50:04.200Z",
"orgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"shortName": "SWI"
},
"references": [
{
"url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.5ZcnyPM1.dpbs"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper input leads to DoS",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"assignerShortName": "SWI",
"cveId": "CVE-2023-40460",
"datePublished": "2023-12-04T22:50:04.200Z",
"dateReserved": "2023-08-14T20:59:20.798Z",
"dateUpdated": "2024-08-02T18:31:53.807Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40459 (GCVE-0-2023-40459)
Vulnerability from cvelistv5 – Published: 2023-12-04 22:48 – Updated: 2025-05-29 13:44
VLAI?
Summary
The
ACEManager component of ALEOS 4.16 and earlier does not adequately perform
input sanitization during authentication, which could potentially result in a
Denial of Service (DoS) condition for ACEManager without impairing other router
functions. ACEManager recovers from the DoS condition by restarting within ten
seconds of becoming unavailable.
Severity ?
7.5 (High)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SierraWireless | ALEOS |
Affected:
4.10 , ≤ 4.16
(custom)
Affected: 0 , ≤ 4.9.8 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:31:53.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40459",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-23T05:01:08.787358Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-29T13:44:35.068Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ALEOS",
"vendor": "SierraWireless",
"versions": [
{
"lessThanOrEqual": "4.16",
"status": "affected",
"version": "4.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-11-28T18:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\n\n\n\n\n\n\n\u003cp\u003eThe\nACEManager component of ALEOS 4.16 and earlier does not adequately perform\ninput sanitization during authentication, which could potentially result in a\nDenial of Service (DoS) condition for ACEManager without impairing other router\nfunctions. ACEManager recovers from the DoS condition by restarting within ten\nseconds of becoming unavailable.\u003c/p\u003e\n\n\n\n\n"
}
],
"value": "\n\n\n\n\n\n\n\n\nThe\nACEManager component of ALEOS 4.16 and earlier does not adequately perform\ninput sanitization during authentication, which could potentially result in a\nDenial of Service (DoS) condition for ACEManager without impairing other router\nfunctions. ACEManager recovers from the DoS condition by restarting within ten\nseconds of becoming unavailable.\n\n\n\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-04T22:48:05.584Z",
"orgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"shortName": "SWI"
},
"references": [
{
"url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper input leads to DoS",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"assignerShortName": "SWI",
"cveId": "CVE-2023-40459",
"datePublished": "2023-12-04T22:48:05.584Z",
"dateReserved": "2023-08-14T20:59:20.797Z",
"dateUpdated": "2025-05-29T13:44:35.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40458 (GCVE-0-2023-40458)
Vulnerability from cvelistv5 – Published: 2023-11-29 22:58 – Updated: 2024-08-02 18:31
VLAI?
Summary
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Sierra Wireless, Inc ALEOS could potentially allow a remote attacker to trigger a
Denial of Service (DoS) condition for ACEManager without impairing
other router functions. This condition is cleared by restarting the
device.
Severity ?
7.5 (High)
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| sierrawireless | ALEOS |
Affected:
4.10.0 , ≤ 4.16
(custom)
Affected: 0 , ≤ 4.9.8 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:31:53.809Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.5ZcnyPM1.dpbs"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ALEOS",
"vendor": "sierrawireless",
"versions": [
{
"lessThanOrEqual": "4.16",
"status": "affected",
"version": "4.10.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.9.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-11-28T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) vulnerability in Sierra Wireless, Inc ALEOS could potentially allow a remote attacker to trigger a \nDenial of Service (DoS) condition for ACEManager without impairing \nother router functions. This condition is cleared by restarting the \ndevice.\n\n"
}
],
"value": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) vulnerability in Sierra Wireless, Inc ALEOS could potentially allow a remote attacker to trigger a \nDenial of Service (DoS) condition for ACEManager without impairing \nother router functions. This condition is cleared by restarting the \ndevice.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-04T23:03:01.667Z",
"orgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"shortName": "SWI"
},
"references": [
{
"url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.5ZcnyPM1.dpbs"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "AceManager DOS Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"assignerShortName": "SWI",
"cveId": "CVE-2023-40458",
"datePublished": "2023-11-29T22:58:21.671Z",
"dateReserved": "2023-08-14T20:59:20.797Z",
"dateUpdated": "2024-08-02T18:31:53.809Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46649 (GCVE-0-2022-46649)
Vulnerability from cvelistv5 – Published: 2023-02-10 00:00 – Updated: 2025-03-24 16:05
VLAI?
Summary
Acemanager in ALEOS before version 4.16 allows a user with valid credentials to manipulate the IP logging operation to execute arbitrary shell commands on the device.
Severity ?
8.8 (High)
CWE
- CWE-78 - - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:39:38.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-001/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.otorio.com/blog/airlink-acemanager-vulnerabilities/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-04"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-46649",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-24T16:04:16.876245Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T16:05:39.446Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ALEOS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "all versions before 4.16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Acemanager in ALEOS before version 4.16 allows a user with valid credentials to manipulate the IP logging operation to execute arbitrary shell commands on the device."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 - Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-10T00:00:00.000Z",
"orgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"shortName": "SWI"
},
"references": [
{
"url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-001/"
},
{
"url": "https://www.otorio.com/blog/airlink-acemanager-vulnerabilities/"
},
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-04"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"assignerShortName": "SWI",
"cveId": "CVE-2022-46649",
"datePublished": "2023-02-10T00:00:00.000Z",
"dateReserved": "2022-12-05T00:00:00.000Z",
"dateUpdated": "2025-03-24T16:05:39.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46650 (GCVE-0-2022-46650)
Vulnerability from cvelistv5 – Published: 2023-02-10 00:00 – Updated: 2025-03-24 16:15
VLAI?
Summary
Acemanager in ALEOS before version 4.16 allows a user with valid credentials to reconfigure the device to expose the ACEManager credentials on the pre-login status page.
Severity ?
4.9 (Medium)
CWE
- CWE-200 - - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:39:38.555Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-001/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.otorio.com/blog/airlink-acemanager-vulnerabilities/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-04"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-46650",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-24T16:14:03.829945Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T16:15:42.259Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ALEOS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "all versions before 4.16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Acemanager in ALEOS before version 4.16 allows a user with valid credentials to reconfigure the device to expose the ACEManager credentials on the pre-login status page."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-10T00:00:00.000Z",
"orgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"shortName": "SWI"
},
"references": [
{
"url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-001/"
},
{
"url": "https://www.otorio.com/blog/airlink-acemanager-vulnerabilities/"
},
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-04"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"assignerShortName": "SWI",
"cveId": "CVE-2022-46650",
"datePublished": "2023-02-10T00:00:00.000Z",
"dateReserved": "2022-12-05T00:00:00.000Z",
"dateUpdated": "2025-03-24T16:15:42.259Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36736 (GCVE-0-2021-36736)
Vulnerability from cvelistv5 – Published: 2022-01-14 17:28 – Updated: 2022-01-14 17:28
VLAI?
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2022-01-14T17:28:20",
"orgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"shortName": "SWI"
},
"rejectedReasons": [
{
"lang": "en",
"value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"assignerShortName": "SWI",
"cveId": "CVE-2021-36736",
"datePublished": "2022-01-14T17:28:20",
"dateRejected": "2022-01-14T17:28:20",
"dateReserved": "2021-07-13T00:00:00",
"dateUpdated": "2022-01-14T17:28:20",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}
CVE-2021-36735 (GCVE-0-2021-36735)
Vulnerability from cvelistv5 – Published: 2022-01-14 17:28 – Updated: 2022-01-14 17:28
VLAI?
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2022-01-14T17:28:17",
"orgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"shortName": "SWI"
},
"rejectedReasons": [
{
"lang": "en",
"value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"assignerShortName": "SWI",
"cveId": "CVE-2021-36735",
"datePublished": "2022-01-14T17:28:17",
"dateRejected": "2022-01-14T17:28:17",
"dateReserved": "2021-07-13T00:00:00",
"dateUpdated": "2022-01-14T17:28:17",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}
CVE-2021-36734 (GCVE-0-2021-36734)
Vulnerability from cvelistv5 – Published: 2022-01-14 17:28 – Updated: 2022-01-14 17:28
VLAI?
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2022-01-14T17:28:16",
"orgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"shortName": "SWI"
},
"rejectedReasons": [
{
"lang": "en",
"value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"assignerShortName": "SWI",
"cveId": "CVE-2021-36734",
"datePublished": "2022-01-14T17:28:16",
"dateRejected": "2022-01-14T17:28:16",
"dateReserved": "2021-07-13T00:00:00",
"dateUpdated": "2022-01-14T17:28:16",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}
CVE-2020-13752 (GCVE-0-2020-13752)
Vulnerability from cvelistv5 – Published: 2022-01-14 17:28 – Updated: 2022-01-14 17:28
VLAI?
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2022-01-14T17:28:15",
"orgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"shortName": "SWI"
},
"rejectedReasons": [
{
"lang": "en",
"value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"assignerShortName": "SWI",
"cveId": "CVE-2020-13752",
"datePublished": "2022-01-14T17:28:15",
"dateRejected": "2022-01-14T17:28:15",
"dateReserved": "2020-06-01T00:00:00",
"dateUpdated": "2022-01-14T17:28:15",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}
CVE-2020-13751 (GCVE-0-2020-13751)
Vulnerability from cvelistv5 – Published: 2022-01-14 17:28 – Updated: 2022-01-14 17:28
VLAI?
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2022-01-14T17:28:13",
"orgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"shortName": "SWI"
},
"rejectedReasons": [
{
"lang": "en",
"value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"assignerShortName": "SWI",
"cveId": "CVE-2020-13751",
"datePublished": "2022-01-14T17:28:13",
"dateRejected": "2022-01-14T17:28:13",
"dateReserved": "2020-06-01T00:00:00",
"dateUpdated": "2022-01-14T17:28:13",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}
CVE-2020-13750 (GCVE-0-2020-13750)
Vulnerability from cvelistv5 – Published: 2022-01-14 17:28 – Updated: 2022-01-14 17:28
VLAI?
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2022-01-14T17:28:11",
"orgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"shortName": "SWI"
},
"rejectedReasons": [
{
"lang": "en",
"value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"assignerShortName": "SWI",
"cveId": "CVE-2020-13750",
"datePublished": "2022-01-14T17:28:11",
"dateRejected": "2022-01-14T17:28:11",
"dateReserved": "2020-06-01T00:00:00",
"dateUpdated": "2022-01-14T17:28:11",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}
CVE-2020-13749 (GCVE-0-2020-13749)
Vulnerability from cvelistv5 – Published: 2022-01-14 17:28 – Updated: 2022-01-14 17:28
VLAI?
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2022-01-14T17:28:10",
"orgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"shortName": "SWI"
},
"rejectedReasons": [
{
"lang": "en",
"value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"assignerShortName": "SWI",
"cveId": "CVE-2020-13749",
"datePublished": "2022-01-14T17:28:10",
"dateRejected": "2022-01-14T17:28:10",
"dateReserved": "2020-06-01T00:00:00",
"dateUpdated": "2022-01-14T17:28:10",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}
CVE-2020-13748 (GCVE-0-2020-13748)
Vulnerability from cvelistv5 – Published: 2022-01-14 17:28 – Updated: 2022-01-14 17:28
VLAI?
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2022-01-14T17:28:09",
"orgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"shortName": "SWI"
},
"rejectedReasons": [
{
"lang": "en",
"value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"assignerShortName": "SWI",
"cveId": "CVE-2020-13748",
"datePublished": "2022-01-14T17:28:09",
"dateRejected": "2022-01-14T17:28:09",
"dateReserved": "2020-06-01T00:00:00",
"dateUpdated": "2022-01-14T17:28:09",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}
CVE-2020-13747 (GCVE-0-2020-13747)
Vulnerability from cvelistv5 – Published: 2022-01-14 17:28 – Updated: 2022-01-14 17:28
VLAI?
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2022-01-14T17:28:07",
"orgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"shortName": "SWI"
},
"rejectedReasons": [
{
"lang": "en",
"value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"assignerShortName": "SWI",
"cveId": "CVE-2020-13747",
"datePublished": "2022-01-14T17:28:07",
"dateRejected": "2022-01-14T17:28:07",
"dateReserved": "2020-06-01T00:00:00",
"dateUpdated": "2022-01-14T17:28:07",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}
CVE-2020-13746 (GCVE-0-2020-13746)
Vulnerability from cvelistv5 – Published: 2022-01-14 17:28 – Updated: 2022-01-14 17:28
VLAI?
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2022-01-14T17:28:05",
"orgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"shortName": "SWI"
},
"rejectedReasons": [
{
"lang": "en",
"value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"assignerShortName": "SWI",
"cveId": "CVE-2020-13746",
"datePublished": "2022-01-14T17:28:05",
"dateRejected": "2022-01-14T17:28:05",
"dateReserved": "2020-06-01T00:00:00",
"dateUpdated": "2022-01-14T17:28:05",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}
CVE-2020-13745 (GCVE-0-2020-13745)
Vulnerability from cvelistv5 – Published: 2022-01-14 17:28 – Updated: 2022-01-14 17:28
VLAI?
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2022-01-14T17:28:03",
"orgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"shortName": "SWI"
},
"rejectedReasons": [
{
"lang": "en",
"value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"assignerShortName": "SWI",
"cveId": "CVE-2020-13745",
"datePublished": "2022-01-14T17:28:03",
"dateRejected": "2022-01-14T17:28:03",
"dateReserved": "2020-06-01T00:00:00",
"dateUpdated": "2022-01-14T17:28:03",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}
CVE-2020-13744 (GCVE-0-2020-13744)
Vulnerability from cvelistv5 – Published: 2022-01-14 17:28 – Updated: 2022-01-14 17:28
VLAI?
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2022-01-14T17:28:01",
"orgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"shortName": "SWI"
},
"rejectedReasons": [
{
"lang": "en",
"value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"assignerShortName": "SWI",
"cveId": "CVE-2020-13744",
"datePublished": "2022-01-14T17:28:01",
"dateRejected": "2022-01-14T17:28:01",
"dateReserved": "2020-06-01T00:00:00",
"dateUpdated": "2022-01-14T17:28:01",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}
CVE-2020-13743 (GCVE-0-2020-13743)
Vulnerability from cvelistv5 – Published: 2022-01-14 17:27 – Updated: 2022-01-14 17:27
VLAI?
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2022-01-14T17:27:59",
"orgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"shortName": "SWI"
},
"rejectedReasons": [
{
"lang": "en",
"value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"assignerShortName": "SWI",
"cveId": "CVE-2020-13743",
"datePublished": "2022-01-14T17:27:59",
"dateRejected": "2022-01-14T17:27:59",
"dateReserved": "2020-06-01T00:00:00",
"dateUpdated": "2022-01-14T17:27:59",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}
CVE-2020-13742 (GCVE-0-2020-13742)
Vulnerability from cvelistv5 – Published: 2022-01-14 17:27 – Updated: 2022-01-14 17:27
VLAI?
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2022-01-14T17:27:58",
"orgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"shortName": "SWI"
},
"rejectedReasons": [
{
"lang": "en",
"value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"assignerShortName": "SWI",
"cveId": "CVE-2020-13742",
"datePublished": "2022-01-14T17:27:58",
"dateRejected": "2022-01-14T17:27:58",
"dateReserved": "2020-06-01T00:00:00",
"dateUpdated": "2022-01-14T17:27:58",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}
CVE-2020-13741 (GCVE-0-2020-13741)
Vulnerability from cvelistv5 – Published: 2022-01-14 17:27 – Updated: 2022-01-14 17:27
VLAI?
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2022-01-14T17:27:57",
"orgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"shortName": "SWI"
},
"rejectedReasons": [
{
"lang": "en",
"value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"assignerShortName": "SWI",
"cveId": "CVE-2020-13741",
"datePublished": "2022-01-14T17:27:57",
"dateRejected": "2022-01-14T17:27:57",
"dateReserved": "2020-06-01T00:00:00",
"dateUpdated": "2022-01-14T17:27:57",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}
CVE-2020-13740 (GCVE-0-2020-13740)
Vulnerability from cvelistv5 – Published: 2022-01-14 17:27 – Updated: 2022-01-14 17:27
VLAI?
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2022-01-14T17:27:55",
"orgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"shortName": "SWI"
},
"rejectedReasons": [
{
"lang": "en",
"value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"assignerShortName": "SWI",
"cveId": "CVE-2020-13740",
"datePublished": "2022-01-14T17:27:55",
"dateRejected": "2022-01-14T17:27:55",
"dateReserved": "2020-06-01T00:00:00",
"dateUpdated": "2022-01-14T17:27:55",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}
CVE-2020-13739 (GCVE-0-2020-13739)
Vulnerability from cvelistv5 – Published: 2022-01-14 17:27 – Updated: 2022-01-14 17:27
VLAI?
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2022-01-14T17:27:54",
"orgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"shortName": "SWI"
},
"rejectedReasons": [
{
"lang": "en",
"value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"assignerShortName": "SWI",
"cveId": "CVE-2020-13739",
"datePublished": "2022-01-14T17:27:54",
"dateRejected": "2022-01-14T17:27:54",
"dateReserved": "2020-06-01T00:00:00",
"dateUpdated": "2022-01-14T17:27:54",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}