Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv3

CVE-2023-40464

Published: 04/12/2023 Updated: 08/12/2023
CVSS v3 Base Score: 6.8 | Impact Score: 5.2 | Exploitability Score: 1.6
VMScore: 0
Subscribe to Sierrawireless

Vulnerability Summary

Several versions of ALEOS, including ALEOS 4.16.0, use a hardcoded SSL certificate and private key. An attacker with access to these items could potentially perform a man in the middle attack between the ACEManager client and ACEManager server.

Vulnerable Product Search on Vulmon Subscribe to Product

sierrawireless aleos

ICS Advisories

https://ics-cert.us-cert.gov/advisories/dc472431075db9d447184c14f49857bb
Critical Infrastructure Sectors: Commercial Facilities, Communications, Energy, Government Facilities, Transportation Systems, Water and Wastewater Systems

References

CWE-798https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbshttps://nvd.nist.govhttps://www.cisa.gov/news-events/ics-advisories/icsa-23-341-06
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-21111CVE-2024-32884IDORCVE-2023-1000CVE-2024-33260CVE-2024-3682reflected XSSrace conditionCVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook