CVE-2023-40460
Improper input leads to DoS
The ACEManager
component of ALEOS 4.16 and earlier does not
validate uploaded
file names and types, which could potentially allow
an authenticated
user to perform client-side script execution within
ACEManager, altering
the device functionality until the device is
restarted.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
Affected products
SierraWireless · ALEOSWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →