Aleos

This hub aggregates every CVE we track for Aleos, a product in the networking infrastructure space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Aleos.

• CVE-2023-38321OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference, daemon crash, and Captive Portal outag...7.5Dec 25, 2023
• CVE-2023-40465Improper input leads to DoS8.3Dec 4, 2023
• CVE-2023-40464Use of hardcoded certificate and private key8.1Dec 4, 2023
• CVE-2023-40463Use of Hard-Coded Credentials8.1Dec 4, 2023
• CVE-2023-40462Improper input leads to DoS7.5Dec 4, 2023
• CVE-2023-40461Cross-site scripting vulnerability in ACEManager8.1Dec 4, 2023
• CVE-2023-40460Improper input leads to DoS7.1Dec 4, 2023
• CVE-2023-40459Improper input leads to DoS7.5Dec 4, 2023
• CVE-2023-40458AceManager DOS Vulnerability7.5Nov 29, 2023
• CVE-2022-46649Acemanager in ALEOS before version 4.16 allows a user with valid credentials to manipulate the IP logging operation to execute arbitrary shell commands on the device.8.8Feb 10, 2023
• CVE-2022-46650Acemanager in ALEOS before version 4.16 allows a user with valid credentials to reconfigure the device to expose the ACEManager credentials on the pre-login status page.4.9Feb 10, 2023
• CVE-2019-11851The ACENet service in Sierra Wireless ALEOS before 4.4.9, 4.5.x through 4.9.x before 4.9.5, and 4.10.x through 4.13.x before 4.14.0 allows remote attackers to execute arbitrary code via a buffer ov...9.8Dec 26, 2022
• CVE-2020-8782ALEOS LAN-Side RPC Service Remote Code Execution7.5Oct 6, 2020
• CVE-2020-8781Lack of input sanitization in UpdateRebootMgr service of ALEOS 4.11 and later allow an escalation to root from a low-privilege process.7.8Oct 6, 2020
• CVE-2019-11862ALEOS SSH Service Allows Traffic Proxying8.1Aug 21, 2020