CVE-2023-40458
Published 2023-11-29
CVE-2023-40458: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Sierra Wireless, Inc ALEOS could potentially allow a remote attacker to trigger a…
Priority: P3 38 · high · 7.5 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:N / A:H
EPSS: 0.82% (52.6th percentile)
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Sierra Wireless, Inc ALEOS could potentially allow a remote attacker to trigger a
Denial of Service (DoS) condition for ACEManager without impairing
other router functions. This condition is cleared by restarting the
device.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sierrawireless | aleos | <= 4.9.8 | — |
| sierrawireless | aleos | 4.10.0 – 4.16.2 | — |
CVSS provenance
nvd · v3.1 · 7.5 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv · 7.5 HIGH
CISA ICS
Sierra Wireless AirLink with ALEOS firmware
cisa_ics·2023-12-07·CVSS 7.5
[HIGH] Sierra Wireless AirLink with ALEOS firmware
ICS Advisory
## Sierra Wireless AirLink with ALEOS firmware
Release Date: December 07, 2023
Alert Code: ICSA-23-341-06
## 1. EXECUTIVE SUMMARY
- CVSS v3 8.1
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Sierra Wireless
- Equipment: AirLink
- Vulnerabilities: Infinite Loop, NULL Pointer Dereference, Cross-site Scripting, Reachable Assertion, Use of Hard-coded Credentials, Use of Hard-coded Cryptographic Key
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to perform remote code execution to take full control of the device, steal credentials through a cross-site scripting attack, or crash the device being accessed through a denial-of-service attack.
## 3. TECHNICAL DETAILS
## 3.1 AFFEC
GHSA
GHSA-jx6g-c2p6-6cx2: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Sierra Wireless, Inc ALEOS could potentially allow a remote attacker to trigge
ghsa_unreviewed·2023-11-30
CVE-2023-40458 [HIGH] CWE-835 GHSA-jx6g-c2p6-6cx2: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Sierra Wireless, Inc ALEOS could potentially allow a remote attacker to trigge
OSV
CVE-2023-40458: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Sierra Wireless, Inc ALEOS could potentially allow a remote attacker to trigge
osv·2023-11-29·CVSS 7.5
CVE-2023-40458 [HIGH] CVE-2023-40458: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Sierra Wireless, Inc ALEOS could potentially allow a remote attacker to trigge
No detection rules found.
No public exploits indexed.
Published: 2023-11-29