Описание
Several versions of ALEOS, including ALEOS 4.16.0, use a hardcoded
SSL certificate and private key. An attacker with access to these items
could potentially perform a man in the middle attack between the
ACEManager client and ACEManager server.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Одновременно
Одно из
EPSS
8.1 High
CVSS3
6.8 Medium
CVSS3
Дефекты
Связанные уязвимости
Several versions of ALEOS, including ALEOS 4.16.0, use a hardcoded SSL certificate and private key. An attacker with access to these items could potentially perform a man in the middle attack between the ACEManager client and ACEManager server.
Уязвимость операционной системы ALEOS беспроводных маршрутизаторов Sierra Wireless MP70, RV50x, RV55, LX40, LX60 ES450, GX450, позволяющая нарушителю реализовать атаку типа «человек посередине»
EPSS
8.1 High
CVSS3
6.8 Medium
CVSS3