Description
ACEManager in ALEOS before version 4.16 allows a user with valid credentials to reconfigure the device to expose the ACEManager credentials on the pre-login status page.
References (3)
Core References
Vendor Advisory
https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-001/
Third Party Advisory, US Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-04
Exploit, Third Party Advisory
https://www.otorio.com/blog/airlink-acemanager-vulnerabilities/
Scores
CVSS v3
4.9
EPSS
0.1228
EPSS Percentile
95.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-200
Status
published
Products (1)
sierrawireless/aleos
< 4.9.7
Published
Feb 10, 2023
Tracked Since
Feb 18, 2026