PT-2023-7456 · Aleos · Aleos
Published: 2023-11-08 · Updated: 2023-12-08
CVE-2023-40465
CVSS v3.1: 8.3 (High)
Vector: AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
ALEOS versions 4.16.0 and earlier
Description
The issue is related to an open-source third-party component in ALEOS that can be exploited from the local area network, resulting in a Denial of Service condition for the captive portal. Additionally, there is a heap-based buffer overflow (a buffer overflow in dynamic memory) in the ALEOS operating system, which can allow a remote attacker to execute arbitrary code with root privileges.
Recommendations
For ALEOS version 4.16.0 and earlier, update to version 4.17 or later to resolve the issue.
As a temporary workaround, consider restricting access to the vulnerable component to minimize the risk of exploitation.
Fix
Stack Overflow
Memory Corruption
Heap Based Buffer Overflow
Affected Products
Aleos