gsd-2023-40462
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
The ACEManager
component of ALEOS 4.16 and earlier does not
perform input
sanitization during authentication, which could
potentially result
in a Denial of Service (DoS) condition for
ACEManager without
impairing other router functions. ACEManager
recovers from the
DoS condition by restarting within ten seconds of
becoming
unavailable.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-40462",
"id": "GSD-2023-40462"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-40462"
],
"details": "\n\n\n\n\n\n\n\n\n\nThe ACEManager\ncomponent of ALEOS 4.16 and earlier does not\n\n\n\nperform input\nsanitization during authentication, which could\n\n\n\npotentially result\nin a Denial of Service (DoS) condition for\n\n\n\nACEManager without\nimpairing other router functions. ACEManager\n\n\n\nrecovers from the\nDoS condition by restarting within ten seconds of\n\n\n\nbecoming\nunavailable.\n\n\n\n\n\n\n\n",
"id": "GSD-2023-40462",
"modified": "2023-12-13T01:20:44.201421Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@sierrawireless.com",
"ID": "CVE-2023-40462",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ALEOS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "4.10",
"version_value": "4.16"
},
{
"version_affected": "\u003c=",
"version_name": "0",
"version_value": "4.9.8"
}
]
}
}
]
},
"vendor_name": "SierraWireless"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "\n\n\n\n\n\n\n\n\n\nThe ACEManager\ncomponent of ALEOS 4.16 and earlier does not\n\n\n\nperform input\nsanitization during authentication, which could\n\n\n\npotentially result\nin a Denial of Service (DoS) condition for\n\n\n\nACEManager without\nimpairing other router functions. ACEManager\n\n\n\nrecovers from the\nDoS condition by restarting within ten seconds of\n\n\n\nbecoming\nunavailable.\n\n\n\n\n\n\n\n"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-617",
"lang": "eng",
"value": "CWE-617 Reachable Assertion"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs",
"refsource": "MISC",
"url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs"
},
{
"name": "https://lists.debian.org/debian-lts-announce/2023/12/msg00024.html",
"refsource": "MISC",
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00024.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45265DDA-E10F-49D0-B2C6-FC123C42E5AE",
"versionEndIncluding": "4.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sierrawireless:es450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "524DF1AE-21F2-4AA6-99E7-6F98304FF845",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:sierrawireless:gx450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C12CF71-FE0E-44EA-9F2E-7CFB42E7C216",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:sierrawireless:lx40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "069DD303-C100-4FAF-BD6B-4EE61CBDE9F7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:sierrawireless:lx60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A3B7B3D-1594-434B-8E22-01C67DF54F16",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:sierrawireless:mp70:-:*:*:*:*:*:*:*",
"matchCriteriaId": "007D4629-4BE2-4C7A-AC8B-E87739E22D12",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:sierrawireless:rv50x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61D3EF27-E823-4E49-BD58-D050EB02D294",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:sierrawireless:rv55:-:*:*:*:*:*:*:*",
"matchCriteriaId": "215BD4AB-8EFD-4F82-ABE4-E7F81AD528C2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\n\n\n\n\n\nThe ACEManager\ncomponent of ALEOS 4.16 and earlier does not\n\n\n\nperform input\nsanitization during authentication, which could\n\n\n\npotentially result\nin a Denial of Service (DoS) condition for\n\n\n\nACEManager without\nimpairing other router functions. ACEManager\n\n\n\nrecovers from the\nDoS condition by restarting within ten seconds of\n\n\n\nbecoming\nunavailable.\n\n\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "El componente ACEManager de ALEOS 4.16 y versiones anteriores no realiza sanitizaci\u00f3n de entrada durante la autenticaci\u00f3n, lo que podr\u00eda resultar en una condici\u00f3n de denegaci\u00f3n de servicio (DoS) para ACEManager sin afectar otras funciones del router. ACEManager se recupera de la condici\u00f3n DoS reinici\u00e1ndose dentro de los diez segundos posteriores a que no est\u00e9 disponible."
}
],
"id": "CVE-2023-40462",
"lastModified": "2024-02-02T03:12:25.617",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security@sierrawireless.com",
"type": "Secondary"
}
]
},
"published": "2023-12-04T23:15:25.603",
"references": [
{
"source": "security@sierrawireless.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00024.html"
},
{
"source": "security@sierrawireless.com",
"tags": [
"Vendor Advisory"
],
"url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs"
}
],
"sourceIdentifier": "security@sierrawireless.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-617"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-617"
}
],
"source": "security@sierrawireless.com",
"type": "Secondary"
}
]
}
}
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.