{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-26T23:19:09.659","vulnerabilities":[{"cve":{"id":"CVE-2023-40459","sourceIdentifier":"security@sierrawireless.com","published":"2023-12-04T23:15:24.933","lastModified":"2024-11-21T08:19:30.840","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"\n\n\n\n\n\n\n\n\nThe\nACEManager component of ALEOS 4.16 and earlier does not adequately perform\ninput sanitization during authentication, which could potentially result in a\nDenial of Service (DoS) condition for ACEManager without impairing other router\nfunctions. ACEManager recovers from the DoS condition by restarting within ten\nseconds of becoming unavailable.\n\n\n\n\n\n\n"},{"lang":"es","value":"El componente ACEManager de ALEOS 4.16 y versiones anteriores no realiza adecuadamente la sanitización de entradas durante la autenticación, lo que podría resultar en una condición de denegación de servicio (DoS) para ACEManager sin afectar otras funciones del router. ACEManager se recupera de la condición DoS reiniciándose dentro de los diez segundos posteriores a que no esté disponible."}],"metrics":{"cvssMetricV31":[{"source":"security@sierrawireless.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@sierrawireless.com","type":"Secondary","description":[{"lang":"en","value":"CWE-476"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:*","versionEndIncluding":"4.16.0","matchCriteriaId":"45265DDA-E10F-49D0-B2C6-FC123C42E5AE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sierrawireless:es450:-:*:*:*:*:*:*:*","matchCriteriaId":"524DF1AE-21F2-4AA6-99E7-6F98304FF845"},{"vulnerable":false,"criteria":"cpe:2.3:h:sierrawireless:gx450:-:*:*:*:*:*:*:*","matchCriteriaId":"2C12CF71-FE0E-44EA-9F2E-7CFB42E7C216"},{"vulnerable":false,"criteria":"cpe:2.3:h:sierrawireless:lx40:-:*:*:*:*:*:*:*","matchCriteriaId":"069DD303-C100-4FAF-BD6B-4EE61CBDE9F7"},{"vulnerable":false,"criteria":"cpe:2.3:h:sierrawireless:lx60:-:*:*:*:*:*:*:*","matchCriteriaId":"2A3B7B3D-1594-434B-8E22-01C67DF54F16"},{"vulnerable":false,"criteria":"cpe:2.3:h:sierrawireless:mp70:-:*:*:*:*:*:*:*","matchCriteriaId":"007D4629-4BE2-4C7A-AC8B-E87739E22D12"},{"vulnerable":false,"criteria":"cpe:2.3:h:sierrawireless:rv50x:-:*:*:*:*:*:*:*","matchCriteriaId":"61D3EF27-E823-4E49-BD58-D050EB02D294"},{"vulnerable":false,"criteria":"cpe:2.3:h:sierrawireless:rv55:-:*:*:*:*:*:*:*","matchCriteriaId":"215BD4AB-8EFD-4F82-ABE4-E7F81AD528C2"}]}]}],"references":[{"url":"https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs","source":"security@sierrawireless.com","tags":["Vendor Advisory"]},{"url":"https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}