Lucene search

SWICVELIST:CVE-2023-40463

HistoryDec 04, 2023 - 10:57 p.m.

CVE-2023-40463 Use of Hard-Coded Credentials

2023-12-0422:57:41

CWE-798

SWI

www.cve.org

cve-2023-40463

debugging mode

authenticated user

administrative privileges

sha512 hash

common root password

root privileges

security vulnerability

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

8.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.6%

JSON

When configured in
debugging mode by an authenticated user with

administrative
privileges, ALEOS 4.16 and earlier store the SHA512

hash of the common
root password for that version in a directory

accessible to a user
with root privileges or equivalent access.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ALEOS",
    "vendor": "SierraWireless",
    "versions": [
      {
        "lessThanOrEqual": "4.16",
        "status": "affected",
        "version": "4.10",
        "versionType": "Custom"
      },
      {
        "lessThanOrEqual": "4.9.8",
        "status": "affected",
        "version": "0",
        "versionType": "Custom"
      }
    ]
  }
]

References

source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

8.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.6%

JSON

Related for CVELIST:CVE-2023-40463