CVE-2022-46649
Published 2023-02-10
Priority: P359, high, 8.8 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.30% (81.1th percentile)
Acemanager in ALEOS before version 4.16 allows a user with valid credentials to manipulate the IP logging operation to execute arbitrary shell commands on the device.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sierrawireless | aleos | <= 4.9.7 | — |
| sierrawireless | aleos | <= 4.16.0 | — |
| sierrawireless | aleos | — | — |
GHSA
GHSA-cxpc-g33f-3fqv: Acemanager in ALEOS before version 4
ghsa_unreviewed·2023-02-10
CVE-2022-46649 [HIGH] CWE-78 GHSA-cxpc-g33f-3fqv: Acemanager in ALEOS before version 4
Acemanager in ALEOS before version 4.16 allows a user with valid credentials to manipulate the IP logging operation to execute arbitrary shell commands on the device.
CISA ICS
Sierra Wireless AirLink Router with ALEOS Software
cisa_ics·2023-01-26·CVSS 8.8
[HIGH] Sierra Wireless AirLink Router with ALEOS Software
ICS Advisory
## Sierra Wireless AirLink Router with ALEOS Software
Last Revised: January 26, 2023
Alert Code: ICSA-23-026-04
## 1. EXECUTIVE SUMMARY
- CVSS v3 8.0
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Sierra Wireless
- Equipment: AirLink Router with ALEOS Software
- Vulnerabilities: Improper Neutralization of Argument Delimiters in a Command, Exposure of Sensitive Information to an Unauthorized Actor
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow a loss of sensitive information and could allow remote code execution.
## 3. TECHNICAL DETAILS
### 3.1 AFFECTED PRODUCTS
Sierra Wireless reports the following versions of AirLink router with ALEOS software are affected:
- Airlink Router (ES450, GX450) r
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-001/
- https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-04
- https://www.otorio.com/blog/airlink-acemanager-vulnerabilities/