CVE-2023-40458

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Sierra Wireless, Inc ALEOS could potentially allow a remote attacker to trigger a Denial of Service (DoS) condition for ACEManager without impairing other router functions. This condition is cleared by restarting the device.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.5ZcnyPM1.dpbs	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:sierrawireless:aleos::::::::
	cpe:2.3:o:sierrawireless:aleos::::::::

History

05 Dec 2023, 01:55

Type	Values Removed	Values Added
CPE		cpe:2.3:o:sierrawireless:aleos::::::::
CWE		CWE-835
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
References	~~() https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.5ZcnyPM1.dpbs -~~	() https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.5ZcnyPM1.dpbs - Vendor Advisory

04 Dec 2023, 23:15

Type	Values Removed	Values Added
References	{'url': 'https://https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.5ZcnyPM1.dpbs', 'name': 'https://https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.5ZcnyPM1.dpbs', 'tags': [], 'refsource': ''}	() https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.5ZcnyPM1.dpbs -

29 Nov 2023, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-11-29 23:15

Updated : 2024-02-05 00:22

NVD link : CVE-2023-40458

Mitre link : CVE-2023-40458

CVE.ORG link : CVE-2023-40458

JSON object : View

Products Affected

sierrawireless

aleos

CWE

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

{"id": "CVE-2023-40458", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security@sierrawireless.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-11-29T23:15:20.367", "references": [{"url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.5ZcnyPM1.dpbs", "tags": ["Vendor Advisory"], "source": "security@sierrawireless.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-835"}]}, {"type": "Secondary", "source": "security@sierrawireless.com", "description": [{"lang": "en", "value": "CWE-835"}]}], "descriptions": [{"lang": "en", "value": "Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Sierra Wireless, Inc ALEOS could potentially allow a remote attacker to trigger a \nDenial of Service (DoS) condition for ACEManager without impairing \nother router functions. This condition is cleared by restarting the \ndevice.\n\n"}, {"lang": "es", "value": "Vulnerabilidad de bucle con condici\u00f3n de salida inalcanzable (\"bucle infinito\") en Sierra Wireless, Inc. ALEOS podr\u00eda potencialmente permitir que un atacante remoto active una condici\u00f3n de Denegaci\u00f3n de Servicio (DoS) para ACEManager sin afectar otras funciones del router. Esta condici\u00f3n se elimina reiniciando el dispositivo."}], "lastModified": "2023-12-05T01:55:09.410", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79B70B8B-C6C1-428C-88A5-5E85AE32C187", "versionEndIncluding": "4.9.8"}, {"criteria": "cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB0B824A-C2A5-4637-B779-397D96FCE3B2", "versionEndIncluding": "4.16.2", "versionStartIncluding": "4.10.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@sierrawireless.com"}