CVE-2023-40460 HIGH

CVE-2023-40460: Improper input leads to DoS

Vendor Sierrawireless
Product ALEOS
Weakness CWE-434 · Unrestricted file upload
Published December 4, 2023
Last update February 25, 2026

CVSS base score

7.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

What the vulnerability does

01 Description

The ACEManager component of ALEOS 4.16 and earlier does not validate uploaded file names and types, which could potentially allow an authenticated user to perform client-side script execution within ACEManager, altering the device functionality until the device is restarted.

Key dates

02 Disclosure timeline

December 4, 2023 CVE published
February 25, 2026 Record updated

Related vulnerabilities

04 Related CVE