Lucene search
HistoryDec 04, 2023 - 11:15 p.m.
CVE-2023-40463
debugging mode
authenticated user
administrative privileges
aleos 4.16
sha512 hash
common root password
directory
root privileges
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
42.5%
When configured in
debugging mode by an authenticated user with
administrative
privileges, ALEOS 4.16 and earlier store the SHA512
hash of the common
root password for that version in a directory
accessible to a user
with root privileges or equivalent access.
Affected configurations
Node
sierrawirelessaleosRange≤4.16.0
sierrawirelesses450Match-
ORsierrawirelessgx450Match-
ORsierrawirelesslx40Match-
ORsierrawirelesslx60Match-
ORsierrawirelessmp70Match-
ORsierrawirelessrv50xMatch-
ORsierrawirelessrv55Match-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| sierrawireless | aleos | * | cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:* |
| sierrawireless | es450 | - | cpe:2.3:h:sierrawireless:es450:-:*:*:*:*:*:*:* |
| sierrawireless | gx450 | - | cpe:2.3:h:sierrawireless:gx450:-:*:*:*:*:*:*:* |
| sierrawireless | lx40 | - | cpe:2.3:h:sierrawireless:lx40:-:*:*:*:*:*:*:* |
| sierrawireless | lx60 | - | cpe:2.3:h:sierrawireless:lx60:-:*:*:*:*:*:*:* |
| sierrawireless | mp70 | - | cpe:2.3:h:sierrawireless:mp70:-:*:*:*:*:*:*:* |
| sierrawireless | rv50x | - | cpe:2.3:h:sierrawireless:rv50x:-:*:*:*:*:*:*:* |
| sierrawireless | rv55 | - | cpe:2.3:h:sierrawireless:rv55:-:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2023-40463 Use of Hard-Coded Credentials
2023-12-04 22:57:41
prion
prion
Design/Logic Flaw
2023-12-04 23:15:00
cve
cve
CVE-2023-40463
2023-12-04 23:15:25
ics
ics
Sierra Wireless AirLink with ALEOS firmware
2023-12-07 12:00:00
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
42.5%
Related for NVD:CVE-2023-40463