CVE-2023-40459

Published: 04/12/2023 | Updated: 08/12/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

The ACEManager component of ALEOS 4.16 and previous versions does not adequately perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by restarting within ten seconds of becoming unavailable.

Vulnerable Product

sierrawireless aleos

Github Repositories

PoC of CVE-2023-40459 (DoS on ACEmanager)

Intro: This repository contains a PoC for the CVE-2023-40459 vulnerability. This vulnerability affects the ACEManager file in ALEOS 4.16 and earlier versions, a product of Sierra Wireless. This attack, without any initial access rights, can lead to disruption in accessing the target device (DoS). To use it, execute the following command: $ python3 PoC-CVE-2023-40459.py [Address: h