The ACEManager
component of ALEOS 4.16 and earlier does not



validate uploaded
file names and types, which could potentially allow



an authenticated
user to perform client-side script execution within



ACEManager, altering
the device functionality until the device is



restarted.







Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: SWI

Published:

Updated: 2024-08-02T18:31:53.807Z

Reserved: 2023-08-14T20:59:20.798Z

Link: CVE-2023-40460

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-12-04T23:15:25.180

Modified: 2024-11-21T08:19:30.983

Link: CVE-2023-40460

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.