PT-2023-7524 · Sierra Wireless · Rv50X+8
Published: 2023-08-14 · Updated: 2024-02-02
CVE-2023-40462
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
ALEOS versions 4.16 and earlier
Description
The issue is in the ACEManager component of the ALEOS operating system in Sierra Wireless wireless routers, including MP70, RV50x, RV55, LX40, LX60, ES450, and GX450. It is caused by a lack of input sanitization during authentication, which could result in a Denial of Service (DoS) condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by restarting within ten seconds of becoming unavailable.
Recommendations
For ALEOS versions 4.16 and earlier, consider disabling the ACEManager component until a patch is available to prevent potential exploitation. Restrict access to the ACEManager component to minimize the risk of a Denial of Service condition. Avoid using the ACEManager component for authentication until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
DoS
Using Hardcoded Credentials
Assertion Failure
Related Identifiers
Affected Products
Acemanager
Aleos
Es450
Gx450
Lx40
Lx60
Mp70
Rv50X
Rv55