CVE-2023-40460 Information

Description

The ACEManager component of ALEOS 4.16 and earlier does not

validate uploaded file names and types which could potentially allow

an authenticated user to perform client-side script execution within

ACEManager altering the device functionality until the device is

restarted.

Reference

https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin—swi-psa-2023-006/#sthash.5ZcnyPM1.dpbs