Lucene search
HistoryDec 04, 2023 - 11:15 p.m.
CVE-2023-40464
cve-2023-40464
aleos
man in the middle attack
CVSS3
6.8
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS
0.001
Percentile
17.6%
Several versions of
ALEOS, including ALEOS 4.16.0, use a hardcoded
SSL certificate and
private key. An attacker with access to these items
could potentially
perform a man in the middle attack between the
ACEManager client
and ACEManager server.
Affected configurations
Node
sierrawirelessaleosRange≤4.16.0
sierrawirelesses450Match-
ORsierrawirelessgx450Match-
ORsierrawirelesslx40Match-
ORsierrawirelesslx60Match-
ORsierrawirelessmp70Match-
ORsierrawirelessrv50xMatch-
ORsierrawirelessrv55Match-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| sierrawireless | aleos | * | cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:* |
| sierrawireless | es450 | - | cpe:2.3:h:sierrawireless:es450:-:*:*:*:*:*:*:* |
| sierrawireless | gx450 | - | cpe:2.3:h:sierrawireless:gx450:-:*:*:*:*:*:*:* |
| sierrawireless | lx40 | - | cpe:2.3:h:sierrawireless:lx40:-:*:*:*:*:*:*:* |
| sierrawireless | lx60 | - | cpe:2.3:h:sierrawireless:lx60:-:*:*:*:*:*:*:* |
| sierrawireless | mp70 | - | cpe:2.3:h:sierrawireless:mp70:-:*:*:*:*:*:*:* |
| sierrawireless | rv50x | - | cpe:2.3:h:sierrawireless:rv50x:-:*:*:*:*:*:*:* |
| sierrawireless | rv55 | - | cpe:2.3:h:sierrawireless:rv55:-:*:*:*:*:*:*:* |
Related
prion
prion
Hardcoded credentials
2023-12-04 23:15:00
cvelist
cvelist
CVE-2023-40464 Use of hardcoded certificate and private key
2023-12-04 22:59:33
cve
cve
CVE-2023-40464
2023-12-04 23:15:26
ics
ics
Sierra Wireless AirLink with ALEOS firmware
2023-12-07 12:00:00
CVSS3
6.8
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS
0.001
Percentile
17.6%
Related for NVD:CVE-2023-40464