CVE-2023-40459

HIGH

Sierrawireless Aleos < 4.16.0 - NULL Pointer Dereference

Title source: rule

Description

The ACEManager component of ALEOS 4.16 and earlier does not adequately perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by restarting within ten seconds of becoming unavailable.

Exploits (2)

nomisec WORKING POC 4 stars

by majidmc2 · poc

https://github.com/majidmc2/CVE-2023-40459

View Code ZIP pw:eip

nomisec WORKING POC

by 7h3w4lk3r · poc

https://github.com/7h3w4lk3r/CVE-2023-40459

View Code ZIP pw:eip

References (1)

Core 1

Core References

Vendor Advisory

https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs

Scores

CVSS v3 7.5

EPSS 0.0130

EPSS Percentile 79.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-476

Status published

Products (1)

sierrawireless/aleos < 4.16.0

Published Dec 04, 2023

Tracked Since Feb 18, 2026