History: Dec 04, 2023 - 11:15 p.m.

CVE-2023-40461

2023-12-04 23:15:25
CWE-79
web.nvd.nist.gov
15
cve-2023-40461
acemanager
aleos 4.16
authenticated user
administrator privileges
file upload
stored cross-site scripting

CVSS3: 8.1 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

AI Score: 5.1 Medium
Confidence: High

EPSS: 0.0004 Low
Percentile: 14.0%

The ACEManager component of ALEOS 4.16 and earlier allows an authenticated user with Administrator privileges to access a file upload field which does not fully validate the file name, creating a Stored Cross-Site Scripting condition.

Affected configurations

NVD
Node
sierrawireless aleos Range 4.16.0
AND
sierrawireless es450 Match -
OR
sierrawireless gx450 Match -
OR
sierrawireless lx40 Match -
OR
sierrawireless lx60 Match -
OR
sierrawireless mp70 Match -
OR
sierrawireless rv50x Match -
OR
sierrawireless rv55 Match -

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ALEOS",
    "vendor": "SierraWireless",
    "versions": [
      {
        "lessThanOrEqual": "4.16",
        "status": "affected",
        "version": "4.10",
        "versionType": "Custom"
      },
      {
        "lessThanOrEqual": "4.9.8",
        "status": "affected",
        "version": "0",
        "versionType": "Custom"
      }
    ]
  }
]
