Arbitrary Command Execution Vulnerability in ALEOS by Sierra Wireless
CVE-2022-46649

8.8HIGH

Key Information:

Vendor

Sierrawireless

Status
Aleos
Vendor
CVE Published:
10 February 2023

What is CVE-2022-46649?

A flaw exists in Acemanager within ALEOS versions prior to 4.16, enabling an authenticated user to exploit IP logging capabilities. This manipulation can result in the execution of arbitrary shell commands on the device, posing a significant risk to system integrity and security. Users are advised to upgrade to the latest version to mitigate this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

ALEOS all versions before 4.16

References

https://source.sierrawireless.com/resources/security-bull...
https://www.otorio.com/blog/airlink-acemanager-vulnerabil...
https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-04

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.