CVE-2023-40458
AceManager DOS Vulnerability
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Sierra Wireless, Inc ALEOS could potentially allow a remote attacker to trigger a
Denial of Service (DoS) condition for ACEManager without impairing
other router functions. This condition is cleared by restarting the
device.
Vulnerabilidad de bucle con condición de salida inalcanzable ("bucle infinito") en Sierra Wireless, Inc. ALEOS podría potencialmente permitir que un atacante remoto active una condición de Denegación de Servicio (DoS) para ACEManager sin afectar otras funciones del router. Esta condición se elimina reiniciando el dispositivo.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-08-14 CVE Reserved
- 2023-11-29 CVE Published
- 2024-08-02 CVE Updated
- 2024-10-29 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CAPEC
- CAPEC-153: Input Data Manipulation
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sierrawireless Search vendor "Sierrawireless" | Aleos Search vendor "Sierrawireless" for product "Aleos" | <= 4.9.8 Search vendor "Sierrawireless" for product "Aleos" and version " <= 4.9.8" | - |
Affected
| ||||||
| Sierrawireless Search vendor "Sierrawireless" | Aleos Search vendor "Sierrawireless" for product "Aleos" | >= 4.10.0 <= 4.16.2 Search vendor "Sierrawireless" for product "Aleos" and version " >= 4.10.0 <= 4.16.2" | - |
Affected
| ||||||