CVE-2022-46650

Опубликовано: 10 фев. 2023

Источник: nvd

CVSS3: 4.9

EPSS Низкий

Описание

Acemanager in ALEOS before version 4.16 allows a user with valid credentials to reconfigure the device to expose the ACEManager credentials on the pre-login status page.

Ссылки

https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-001/
Vendor Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-04
Third Party Advisory
US Government Resource
https://www.otorio.com/blog/airlink-acemanager-vulnerabilities/
Exploit
Third Party Advisory
https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-001/
Vendor Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-04
Third Party Advisory
US Government Resource
https://www.otorio.com/blog/airlink-acemanager-vulnerabilities/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:*

Версия до 4.9.7 (включая)

Одно из

cpe:2.3:h:sierrawireless:es450:-:*:*:*:*:*:*:*

cpe:2.3:h:sierrawireless:gx450:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:*

Версия до 4.16.0 (включая)

Одно из

cpe:2.3:h:sierrawireless:lx40:-:*:*:*:*:*:*:*

cpe:2.3:h:sierrawireless:lx60:-:*:*:*:*:*:*:*

cpe:2.3:h:sierrawireless:mp70:-:*:*:*:*:*:*:*

cpe:2.3:h:sierrawireless:rv50:-:*:*:*:*:*:*:*

cpe:2.3:h:sierrawireless:rv50x:-:*:*:*:*:*:*:*

cpe:2.3:h:sierrawireless:rv55:-:*:*:*:*:*:*:*

EPSS

Процентиль: 44%

0.00219

Низкий

4.9 Medium

CVSS3

Дефекты

CWE-200

Связанные уязвимости

GHSA-p86q-cw52-gp9g