CVE-2022-46650

CVSS V2 None CVSS V3 None

Description

Acemanager in ALEOS before version 4.16 allows a user with valid credentials to reconfigure the device to expose the ACEManager credentials on the pre-login status page.

Overview

CVE ID
CVE-2022-46650

Assigner
security@sierrawireless.com

Vulnerability Status
Analyzed

Published Version
2023-02-10T18:15:13

Last Modified Date
2023-02-16T18:44:47

Weakness Enumerations

CWE	URL
CWE-200	http://cwe.mitre.org/data/definitions/200.html
CWE-200	http://cwe.mitre.org/data/definitions/200.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version Start	Version End
		AND
cpe:2.3:o:sierrawireless:aleos::::::::	1	OR		4.9.7
cpe:2.3:h:sierrawireless:es450:-:::::::*	0	OR
cpe:2.3:h:sierrawireless:gx450:-:::::::*	0	OR
		AND
cpe:2.3:o:sierrawireless:aleos::::::::	1	OR		4.16.0
cpe:2.3:h:sierrawireless:lx40:-:::::::*	0	OR
cpe:2.3:h:sierrawireless:lx60:-:::::::*	0	OR
cpe:2.3:h:sierrawireless:mp70:-:::::::*	0	OR
cpe:2.3:h:sierrawireless:rv50:-:::::::*	0	OR
cpe:2.3:h:sierrawireless:rv50x:-:::::::*	0	OR
cpe:2.3:h:sierrawireless:rv55:-:::::::*	0	OR

References

Reference URL	Reference Tags
https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-001/	Vendor Advisory
https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-04	Third Party Advisory US Government Resource
https://www.otorio.com/blog/airlink-acemanager-vulnerabilities/	Exploit Third Party Advisory

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2022-46650
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46650

History

Created	Old Value	New Value	Data Type	Notes
2023-04-17 07:30:33				Added to TrackCVE
2023-04-17 07:30:35			Weakness Enumeration	new