The vulnerability of the ACEManager component in the ALEOS operating system of Sierra Wireless’ wireless routers—MP70, RV50x, RV55, LX40, LX60 ES450, GX450—allows a hacker to cause service interruptions.

🗓️ 11 Dec 2023 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 2 Views

ACEManager flaw in ALEOS on Sierra Wireless routers enables remote disruption via pre installed credentials.

Reporter	Title	Published	Views	Family All 19
Circl	CVE-2023-40462	23 Dec 202314:16	–	circl
CNNVD	Sierra Wireless ALEOS Security Vulnerability	4 Dec 202300:00	–	cnnvd
CVE	CVE-2023-40462	4 Dec 202322:53	–	cve
Cvelist	CVE-2023-40462 Improper input leads to DoS	4 Dec 202322:53	–	cvelist
Debian	[SECURITY] [DLA 3701-1] tinyxml security update	30 Dec 202323:15	–	debian
Debian CVE	CVE-2023-40462	4 Dec 202322:53	–	debiancve
Tenable Nessus	Debian dla-3701 : libtinyxml-dev - security update	22 Jan 202500:00	–	nessus
Tenable Nessus	Fedora 40 : tinyxml (2024-763ac380b6)	29 Apr 202400:00	–	nessus
EUVD	EUVD-2023-45033	3 Oct 202520:07	–	euvd
Fedora	[SECURITY] Fedora 39 Update: tinyxml-2.6.2-28.fc39	8 Jan 202401:24	–	fedora

Vulners

Node

sierra_wireless aleosRange≤4.16

Source	Link
source	www.source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/
cisa	www.cisa.gov/news-events/ics-advisories/icsa-23-341-06
safe-surf	www.safe-surf.ru/upload/VULN-new/VULN.2023-12-08.1.pdf
vuldb	www.vuldb.com/ru/
xn--80ahaefyxhn	www.xn--80ahaefyxhn.xn--j1afgaq.xn--p1ai/bin/view/%D0%9E%D0%A1%D0%BD%D0%BE%D0%B2%D0%B0/%D0%9E%D0%B1%D0%BD%D0%BE%D0%B2%D0%BB%D0%B5%D0%BD%D0%B8%D1%8F/2.10/
web	www.web.nvd.nist.gov/view/vuln/detail

03 Apr 2024 00:00Current

CVSS 26.8

CVSS 37.5

EPSS0.00011

ACEManager vulnerability ALEOS operating system Sierra Wireless routers pre installed credentials remote attacker service disruption MP70 model RV50x model RV55 model LX40 model LX60 model ES450 model GX450 model