{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-40459","assignerOrgId":"747bec18-acd0-4d99-a5c8-5e366c66ab7e","state":"PUBLISHED","assignerShortName":"SWI","dateReserved":"2023-08-14T20:59:20.797Z","datePublished":"2023-12-04T22:48:05.584Z","dateUpdated":"2025-05-29T13:44:35.068Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"ALEOS","vendor":"SierraWireless","versions":[{"lessThanOrEqual":"4.16","status":"affected","version":"4.10","versionType":"custom"},{"lessThanOrEqual":"4.9.8","status":"affected","version":"0","versionType":"custom"}]}],"datePublic":"2023-11-28T18:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\n\n\n\n\n\n\n\n\n\n<p>The\nACEManager component of ALEOS 4.16 and earlier does not adequately perform\ninput sanitization during authentication, which could potentially result in a\nDenial of Service (DoS) condition for ACEManager without impairing other router\nfunctions. ACEManager recovers from the DoS condition by restarting within ten\nseconds of becoming unavailable.</p>\n\n\n\n\n"}],"value":"\n\n\n\n\n\n\n\n\nThe\nACEManager component of ALEOS 4.16 and earlier does not adequately perform\ninput sanitization during authentication, which could potentially result in a\nDenial of Service (DoS) condition for ACEManager without impairing other router\nfunctions. ACEManager recovers from the DoS condition by restarting within ten\nseconds of becoming unavailable.\n\n\n\n\n\n\n"}],"impacts":[{"capecId":"CAPEC-153","descriptions":[{"lang":"en","value":"CAPEC-153 Input Data Manipulation"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-476","description":"CWE-476 NULL Pointer Dereference","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"747bec18-acd0-4d99-a5c8-5e366c66ab7e","shortName":"SWI","dateUpdated":"2023-12-04T22:48:05.584Z"},"references":[{"url":"https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs"}],"source":{"discovery":"UNKNOWN"},"title":"Improper input leads to DoS","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T18:31:53.799Z"},"title":"CVE Program Container","references":[{"url":"https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2023-12-23T05:01:08.787358Z","id":"CVE-2023-40459","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-05-29T13:44:35.068Z"}}]}}