CVE-2023-40460
Improper input leads to DoS
The ACEManager
component of ALEOS 4.16 and earlier does not
validate uploaded
file names and types, which could potentially allow
an authenticated
user to perform client-side script execution within
ACEManager, altering
the device functionality until the device is
restarted.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
Productos afectados
SierraWireless · ALEOS¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →