CVE-2022-46650
Published 2023-02-10
Priority P432 · medium · 4.9 · CVSS 3.1
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
EPSS: 12.28% (95.7th percentile)
Acemanager in ALEOS before version 4.16 allows a user with valid credentials to reconfigure the device to expose the ACEManager credentials on the pre-login status page.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sierrawireless | aleos | <= 4.9.7 | — |
| sierrawireless | aleos | <= 4.16.0 | — |
| sierrawireless | aleos | — | — |
GHSA
GHSA-p86q-cw52-gp9g: Acemanager in ALEOS before version 4
ghsa_unreviewed·2023-02-10
CVE-2022-46650 [MEDIUM] CWE-200 GHSA-p86q-cw52-gp9g: Acemanager in ALEOS before version 4
Acemanager in ALEOS before version 4.16 allows a user with valid credentials to reconfigure the device to expose the ACEManager credentials on the pre-login status page.
CISA ICS
Sierra Wireless AirLink Router with ALEOS Software
cisa_ics·2023-01-26·CVSS 8.8
[HIGH] Sierra Wireless AirLink Router with ALEOS Software
ICS Advisory
## Sierra Wireless AirLink Router with ALEOS Software
Last Revised: January 26, 2023
Alert Code: ICSA-23-026-04
## 1. EXECUTIVE SUMMARY
- CVSS v3 8.0
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Sierra Wireless
- Equipment: AirLink Router with ALEOS Software
- Vulnerabilities: Improper Neutralization of Argument Delimiters in a Command, Exposure of Sensitive Information to an Unauthorized Actor
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow a loss of sensitive information and could allow remote code execution.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
Sierra Wireless reports the following versions of AirLink router with ALEOS software are affected:
- Airlink Router (ES450, GX450) r
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-001/
- https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-04
- https://www.otorio.com/blog/airlink-acemanager-vulnerabilities/