PT-2023-7522 · Aleos
Published 2023-08-14 · Updated 2024-02-02
CVE-2023-40459
CVSS v3.1: 7.5 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
ALEOS versions 4.16 and earlier
Description
The ACEManager web management component of ALEOS does not adequately sanitize the input it receives during authentication. The root cause is a NULL pointer dereference (an error in pointer handling on the login path), so a remote attacker who can reach the ACEManager interface can crash it without any credentials. The impact is confined to availability: other router functions are not affected, and ACEManager recovers by restarting within ten seconds of becoming unavailable. This matches the CVSS vector (AV:N, PR:N, UI:N, C:N/I:N/A:H): network-reachable, no privileges or user interaction required, availability impact only. Because the crash is repeatable and needs no authentication, an attacker can trigger it again as soon as the service is back, so in practice the management interface can be kept unavailable for as long as the attack continues.
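The following C program is an added illustration of the bug class described above; it is not ACEManager source (which this page does not contain), and the handler names (`login_vulnerable`, `login_hardened`), the form field names, the placeholder credentials and the sample request bodies are all assumptions constructed for the example. It shows a login handler that looks up form fields from a POST body and passes the results straight to string routines; when a field is absent the lookup returns NULL and the process segfaults, which is exactly the unauthenticated availability impact in the CVSS vector. The hardened variant rejects the request before any pointer reaches `strcmp()`.

```c
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical illustration of a NULL pointer dereference on unsanitized
 * authentication input. This is NOT ACEManager code; the handler, field names
 * and credentials are assumptions made for the example.
 */

#define MAX_PARAMS 8
#define MAX_BODY   256

typedef struct {
    const char *key;
    const char *val;
} param_t;

enum { AUTH_OK = 0, AUTH_BAD_CREDS = 1, AUTH_BAD_REQUEST = 2 };

/* Split "k1=v1&k2=v2" in place. Pairs without '=' are skipped. Returns count. */
static int parse_form(char *buf, param_t *out, int max)
{
    int n = 0;
    char *pair = buf;
    while (pair != NULL && *pair != '\0' && n < max) {
        char *next = strchr(pair, '&');
        if (next != NULL)
            *next++ = '\0';
        char *eq = strchr(pair, '=');
        if (eq != NULL) {
            *eq = '\0';
            out[n].key = pair;
            out[n].val = eq + 1;
            n++;
        }
        pair = next;
    }
    return n;
}

/* Returns the value for key, or NULL when the client did not send the field. */
static const char *get_param(const param_t *p, int n, const char *key)
{
    for (int i = 0; i < n; i++)
        if (strcmp(p[i].key, key) == 0)
            return p[i].val;
    return NULL;
}

/* Placeholder credential check; real code would compare a salted hash. */
static int check_creds(const char *user, const char *pass)
{
    return (strcmp(user, "admin") == 0 && strcmp(pass, "secret") == 0)
               ? AUTH_OK : AUTH_BAD_CREDS;
}

/* Vulnerable: trusts that both fields are present. A POST body missing
 * "username" or "password" hands NULL to strcmp(), which dereferences it and
 * the web server process dies (SIGSEGV). That is the DoS; no auth needed. */
int login_vulnerable(const char *body)
{
    char buf[MAX_BODY];
    param_t p[MAX_PARAMS];
    if (strlen(body) >= sizeof buf)
        return AUTH_BAD_REQUEST;
    strcpy(buf, body);
    int n = parse_form(buf, p, MAX_PARAMS);
    const char *user = get_param(p, n, "username");
    const char *pass = get_param(p, n, "password");
    return check_creds(user, pass);        /* NULL deref when a field is absent */
}

/* Hardened: validate the request before any pointer reaches string routines. */
int login_hardened(const char *body)
{
    char buf[MAX_BODY];
    param_t p[MAX_PARAMS];
    if (strlen(body) >= sizeof buf)
        return AUTH_BAD_REQUEST;
    strcpy(buf, body);
    int n = parse_form(buf, p, MAX_PARAMS);
    const char *user = get_param(p, n, "username");
    const char *pass = get_param(p, n, "password");
    if (user == NULL || pass == NULL || *user == '\0')
        return AUTH_BAD_REQUEST;           /* HTTP 400; process keeps running */
    return check_creds(user, pass);
}

int main(void)
{
    const char *good = "username=admin&password=secret";   /* constructed */
    const char *missing = "password=secret";               /* constructed: no username */
    printf("hardened, complete body : %d\n", login_hardened(good));
    printf("hardened, missing field : %d\n", login_hardened(missing));
    printf("vulnerable, complete    : %d\n", login_vulnerable(good));
    /* login_vulnerable(missing) would crash the whole process; not called here. */
    return 0;
}
```

The design point is where the NULL check sits: `get_param()` legitimately returns NULL for an absent field, so the caller on the unauthenticated path has to treat "field missing" as a distinct, non-fatal outcome (reject the request) rather than let the value flow into library calls that assume a valid pointer. Running `login_vulnerable("password=secret")` under a debugger shows the SIGSEGV inside `strcmp()`; in a single-process web server that takes the whole management interface down until a supervisor restarts it.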
Recommendations
ACEManager is vendor firmware, so the missing input validation can only be fixed by the vendor (Sierra Wireless) in an ALEOS release; as of this page's last update, no version containing a fix is listed here. Until a fixed release is installed on ALEOS 4.16 and earlier, reduce exposure instead: do not expose ACEManager to the internet, restrict access to the management interface to trusted administrative networks or a VPN, and treat any network that can reach the login page as able to take the interface down. As a detective measure, monitor ACEManager availability and its restart count: the component restarts automatically within ten seconds of a crash, so a pattern of short outages or repeated restarts indicates that the vulnerability is being triggered rather than a transient fault.
Weakness Enumeration
NULL Pointer Dereference
Related Identifiers
CVE-2023-40459
Affected Products
Aleos