CVE-2023-40460

Improper input leads to DoS

CVSS 7.1 HIGHEPSS 0.5%CWE-434 CWE-79

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.1EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

04 Dec 2023Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

The ACEManager component of ALEOS 4.16 and earlier does not validate uploaded file names and types, which could potentially allow an authenticated user to perform client-side script execution within ACEManager, altering the device functionality until the device is restarted.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

Affected products

SierraWireless · ALEOS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.5ZcnyPM1.dpbs