CVE-2023-40459 HIGH

CVE-2023-40459: Improper input leads to DoS

Vendor Sierrawireless
Product ALEOS
Weakness CWE-476
Published December 4, 2023
Last update May 29, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01 Description

The ACEManager component of ALEOS 4.16 and earlier does not adequately perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by restarting within ten seconds of becoming unavailable.

Key dates

02 Disclosure timeline

December 4, 2023 CVE published
May 29, 2025 Record updated