Lucene search

SWICVELIST:CVE-2023-40465

HistoryDec 04, 2023 - 11:02 p.m.

CVE-2023-40465 Improper input leads to DoS

2023-12-0423:02:04

CWE-122

CWE-121

SWI

www.cve.org

aleos 4.16.0

opensource component

vulnerability

denial of service

local network

CVSS3

4.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS

0.001

Percentile

26.6%

JSON

Several versions of
ALEOS, including ALEOS 4.16.0, include an opensource

third-party
component which can be exploited from the local

area network,
resulting in a Denial of Service condition for the captive portal.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ALEOS",
    "vendor": "SierraWireless",
    "versions": [
      {
        "lessThanOrEqual": "4.16",
        "status": "affected",
        "version": "4.10",
        "versionType": "Custom"
      },
      {
        "lessThanOrEqual": "4.9.8",
        "status": "affected",
        "version": "0",
        "versionType": "Custom"
      }
    ]
  }
]

References

source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs

CVSS3

4.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS

0.001

Percentile

26.6%

JSON

Related for CVELIST:CVE-2023-40465