Vulnerability Details : CVE-2023-40458
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Sierra Wireless, Inc ALEOS could potentially allow a remote attacker to trigger a
Denial of Service (DoS) condition for ACEManager without impairing
other router functions. This condition is cleared by restarting the
device.
Vulnerability category: Denial of service
Products affected by CVE-2023-40458
- cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:*
- cpe:2.3:o:sierrawireless:aleos:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-40458
0.03%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 5 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-40458
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST | |
|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
Sierra Wireless Inc. |
CWE ids for CVE-2023-40458
-
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.Assigned by:
- nvd@nist.gov (Primary)
- security@sierrawireless.com (Secondary)
References for CVE-2023-40458
-
https://https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.5ZcnyPM1.dpbs
-
https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.5ZcnyPM1.dpbs
Vendor Advisory
Jump to