CVE-2023-40458

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

L

oop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Sierra Wireless, Inc ALEOS could potentially allow a remote attacker to trigger a Denial of Service (DoS) condition for ACEManager without impairing other router functions. This condition is cleared by restarting the device.

References

Link	Resource
https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.5ZcnyPM1.dpbs	Vendor Advisory
https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.5ZcnyPM1.dpbs	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:sierrawireless:aleos::::::::
	cpe:2.3:o:sierrawireless:aleos::::::::

History

21 Nov 2024, 08:19

Type	Values Removed	Values Added
References	~~() https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.5ZcnyPM1.dpbs - Vendor Advisory~~	() https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.5ZcnyPM1.dpbs - Vendor Advisory

Information

Published : 2023-11-29 23:15

Updated : 2024-11-21 08:19

NVD link : CVE-2023-40458

Mitre link : CVE-2023-40458

CVE.ORG link : CVE-2023-40458

JSON object : View

Products Affected

sierrawireless

aleos

CWE

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

{"id": "CVE-2023-40458", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-11-29T23:15:20.367", "references": [{"url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.5ZcnyPM1.dpbs", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.5ZcnyPM1.dpbs", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-835"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-835"}]}], "descriptions": [{"lang": "en", "value": "Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Sierra Wireless, Inc ALEOS could potentially allow a remote attacker to trigger a \nDenial of Service (DoS) condition for ACEManager without impairing \nother router functions. This condition is cleared by restarting the \ndevice.\n\n"}, {"lang": "es", "value": "Vulnerabilidad de bucle con condici\u00f3n de salida inalcanzable (\"bucle infinito\") en Sierra Wireless, Inc. ALEOS podr\u00eda potencialmente permitir que un atacante remoto active una condici\u00f3n de Denegaci\u00f3n de Servicio (DoS) para ACEManager sin afectar otras funciones del router. Esta condici\u00f3n se elimina reiniciando el dispositivo."}], "lastModified": "2024-11-21T08:19:30.713", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79B70B8B-C6C1-428C-88A5-5E85AE32C187", "versionEndIncluding": "4.9.8"}, {"criteria": "cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB0B824A-C2A5-4637-B779-397D96FCE3B2", "versionEndIncluding": "4.16.2", "versionStartIncluding": "4.10.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}