CVE-2023-40464 Information

Description

Several versions of ALEOS including ALEOS 4.16.0 use a hardcoded

SSL certificate and private key. An attacker with access to these items

could potentially perform a man in the middle attack between the

ACEManager client and ACEManager server.

Reference

https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin—swi-psa-2023-006/#sthash.6KUVtE6w.dpbs