Lucene search

SWICVE-2022-46650

HistoryFeb 10, 2023 - 6:15 p.m.

CVE-2022-46650

2023-02-1018:15:13

CWE-200

SWI

web.nvd.nist.gov

cve-2022-46650

acemanager

aleos

security vulnerability

credential exposure

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

6.1

Confidence

High

EPSS

0.001

Percentile

46.2%

JSON

Acemanager in ALEOS before version 4.16 allows a user with valid credentials to reconfigure the device to expose the ACEManager credentials on the pre-login status page.

Affected configurations

Nvd

Node

sierrawirelesses450Match-

sierrawirelessgx450Match-

AND

sierrawirelessaleosRange≤4.9.7

Node

sierrawirelesslx40Match-

sierrawirelesslx60Match-

sierrawirelessmp70Match-

sierrawirelessrv50Match-

sierrawirelessrv50xMatch-

sierrawirelessrv55Match-

AND

sierrawirelessaleosRange≤4.16.0

VendorProductVersionCPE
sierrawirelesses450-cpe:2.3:h:sierrawireless:es450:-:*:*:*:*:*:*:*
sierrawirelessgx450-cpe:2.3:h:sierrawireless:gx450:-:*:*:*:*:*:*:*
sierrawirelessaleos*cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:*
sierrawirelesslx40-cpe:2.3:h:sierrawireless:lx40:-:*:*:*:*:*:*:*
sierrawirelesslx60-cpe:2.3:h:sierrawireless:lx60:-:*:*:*:*:*:*:*
sierrawirelessmp70-cpe:2.3:h:sierrawireless:mp70:-:*:*:*:*:*:*:*
sierrawirelessrv50-cpe:2.3:h:sierrawireless:rv50:-:*:*:*:*:*:*:*
sierrawirelessrv50x-cpe:2.3:h:sierrawireless:rv50x:-:*:*:*:*:*:*:*
sierrawirelessrv55-cpe:2.3:h:sierrawireless:rv55:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sierrawireless	es450	-	cpe:2.3:h:sierrawireless:es450:-:::::::*
sierrawireless	gx450	-	cpe:2.3:h:sierrawireless:gx450:-:::::::*
sierrawireless	aleos	*	cpe:2.3:o:sierrawireless:aleos::::::::
sierrawireless	lx40	-	cpe:2.3:h:sierrawireless:lx40:-:::::::*
sierrawireless	lx60	-	cpe:2.3:h:sierrawireless:lx60:-:::::::*
sierrawireless	mp70	-	cpe:2.3:h:sierrawireless:mp70:-:::::::*
sierrawireless	rv50	-	cpe:2.3:h:sierrawireless:rv50:-:::::::*
sierrawireless	rv50x	-	cpe:2.3:h:sierrawireless:rv50x:-:::::::*
sierrawireless	rv55	-	cpe:2.3:h:sierrawireless:rv55:-:::::::*

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "ALEOS",
    "versions": [
      {
        "version": "all versions before 4.16",
        "status": "affected"
      }
    ]
  }
]

References

source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-001/

www.cisa.gov/uscert/ics/advisories/icsa-23-026-04

www.otorio.com/blog/airlink-acemanager-vulnerabilities/

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

6.1

Confidence

High

EPSS

0.001

Percentile

46.2%

JSON

Related for CVE-2022-46650