CVE-2022-46649

8.8 HIGH

📋 TL;DR

This vulnerability allows authenticated users of Sierra Wireless ALEOS Acemanager to manipulate IP logging operations to execute arbitrary shell commands on affected devices. This is an OS command injection vulnerability affecting Sierra Wireless routers and gateways running ALEOS before version 4.16. Attackers with valid credentials can achieve remote code execution on vulnerable devices.

💻 Affected Systems

Products:
  • Sierra Wireless AirLink routers and gateways with Acemanager
Versions: ALEOS versions before 4.16
Operating Systems: ALEOS (Sierra Wireless embedded OS)
Default Config Vulnerable: ⚠️ Yes
Notes: Requires valid Acemanager credentials. Default credentials may be present in some deployments.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise allowing attackers to install persistent backdoors, pivot to internal networks, intercept/modify network traffic, or render devices inoperable.

🟠 Likely Case

Attackers with stolen or default credentials gain full control of affected devices, enabling network reconnaissance, traffic interception, and lateral movement.

🟢 If Mitigated

Limited to authenticated users only, with proper credential management and network segmentation reducing the attack surface.

🌐 Internet-Facing: HIGH - Many Sierra Wireless devices are deployed as internet-facing gateways, making them prime targets for credential stuffing and exploitation.
🏢 Internal Only: MEDIUM - Internal attackers with valid credentials or compromised accounts can exploit this vulnerability for lateral movement.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires valid credentials but is straightforward once authenticated. Public technical details and proof-of-concept information available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: ALEOS 4.16 or later

Vendor Advisory: https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-001/

Restart Required: Yes

Instructions:

1. Download ALEOS 4.16+ firmware from the Sierra Wireless support portal.
2. Back up the current configuration.
3. Upload and install the firmware via the Acemanager web interface.
4. Reboot the device.
5. Verify the version is 4.16 or higher.

🔧 Temporary Workarounds

Disable Acemanager access (Applies to: all)

Disable the Acemanager web interface if it is not required for operations.

# Via CLI: configure terminal
# no service acemanager

Restrict network access (Applies to: all)

Limit access to the Acemanager interface to trusted IP addresses only.

# Configure firewall rules to restrict access to the Acemanager port (typically 443)

🧯 If You Can't Patch

  • Change all default credentials and enforce strong password policies for Acemanager accounts
  • Implement network segmentation to isolate Sierra Wireless devices from critical internal networks

🔍 How to Verify

Check if Vulnerable:

Check ALEOS version via Acemanager web interface (System > About) or CLI command 'show version'

Check Version:

show version | include ALEOS

Verify Fix Applied:

Confirm the ALEOS version is 4.16 or higher and test the IP logging functionality for command injection.
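Because the fix threshold is a version number, the check is easy to get wrong with a plain string comparison ("4.9" sorts after "4.16"). The following Python script is an added example, not part of this advisory or of any Sierra Wireless tooling: it extracts the ALEOS version from captured `show version` output and compares it numerically against the 4.16 threshold stated above. The sample output lines are constructed, and the exact layout of `show version` output is an assumption; only the "ALEOS ... <version>" token is relied on.

```python
import re
from typing import Optional, Tuple

# Fix threshold from the advisory: ALEOS 4.16 and later are patched.
FIXED_VERSION = (4, 16)

# Constructed sample output of `show version` on an AirLink device.
# The line layout is an assumption; only the "ALEOS ... <version>" token matters.
SAMPLE_OUTPUT_VULNERABLE = """\
AirLink RV50X
ALEOS Software Version: 4.9.4.009
"""
SAMPLE_OUTPUT_PATCHED = """\
AirLink RV50X
ALEOS Software Version: 4.16.0.021
"""

# First dotted number that follows the word ALEOS.
_VERSION_RE = re.compile(r"ALEOS[^0-9]*(\d+(?:\.\d+)+)")


def parse_aleos_version(output: str) -> Optional[Tuple[int, ...]]:
    """Extract the ALEOS version as a tuple of integers, or None if absent."""
    m = _VERSION_RE.search(output)
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def is_vulnerable(version: Tuple[int, ...]) -> bool:
    """CVE-2022-46649 affects ALEOS before 4.16.

    Compare major/minor numerically: a string comparison would rank
    "4.9" above "4.16" and report a vulnerable device as patched.
    """
    return version[:2] < FIXED_VERSION


def assess(output: str) -> str:
    """Human-readable verdict for one captured `show version` output."""
    version = parse_aleos_version(output)
    if version is None:
        return "unknown: no ALEOS version found in output"
    label = ("VULNERABLE (update to ALEOS 4.16 or later)"
             if is_vulnerable(version) else "patched")
    return "ALEOS %s: %s" % (".".join(map(str, version)), label)


if __name__ == "__main__":
    for sample in (SAMPLE_OUTPUT_VULNERABLE, SAMPLE_OUTPUT_PATCHED):
        print(assess(sample))
```

Feed `assess()` the text captured from each device's CLI or from the System > About page; anything that parses below 4.16 goes on the patch list.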

📡 Detection & Monitoring

Log Indicators:

  • Unusual shell command execution in system logs
  • Multiple failed login attempts followed by successful authentication and IP logging operations
  • Unexpected processes spawned from Acemanager

Network Indicators:

  • Unusual outbound connections from Sierra Wireless devices
  • Traffic patterns inconsistent with normal operations

SIEM Query:

source="sierra_wireless" AND ((event="command_execution" OR event="shell_spawn") OR (event="auth_success" AND resource="acemanager" AND subsequent_event="ip_logging"))
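The log indicators and SIEM query above describe a sequence (Acemanager login, IP logging change, shell spawned from Acemanager) rather than a single event, so a useful detection has to correlate across lines. The following Python correlation is an added example, not from this advisory or from any Sierra Wireless product: it walks syslog-style lines and raises one alert per login session that completes that sequence within a five-minute window, and it also reports how many failed logins preceded the successful one. The log lines, the field names (event, src, resource, parent) and the `acemanager` process name are constructed assumptions; map them to the fields your collector actually produces.

```python
import re
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Constructed sample log lines; the format is an assumption, not real ALEOS output.
SAMPLE_LOGS = """\
2023-01-10T10:00:01Z rv50 acemanager: event=auth_failure user=admin src=203.0.113.7
2023-01-10T10:00:03Z rv50 acemanager: event=auth_failure user=admin src=203.0.113.7
2023-01-10T10:00:05Z rv50 acemanager: event=auth_success user=admin src=203.0.113.7
2023-01-10T10:00:20Z rv50 acemanager: event=config_change user=admin src=203.0.113.7 resource=ip_logging
2023-01-10T10:00:21Z rv50 kernel: event=shell_spawn parent=acemanager cmd=/bin/sh
2023-01-10T11:30:00Z rv50 acemanager: event=auth_success user=ops src=198.51.100.4
2023-01-10T11:30:09Z rv50 acemanager: event=config_change user=ops src=198.51.100.4 resource=ip_logging
""".splitlines()

# "<timestamp> <host> <process>: key=value key=value ..."
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<proc>[^:]+): (?P<kv>.*)$")
WINDOW = timedelta(minutes=5)  # max gap between consecutive steps of the sequence


def parse_line(line: str) -> Optional[dict]:
    """Split one syslog-style line into a dict of fields, or None if malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = dict(pair.split("=", 1) for pair in m.group("kv").split() if "=" in pair)
    fields["ts"] = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
    fields["host"] = m.group("host")
    fields["proc"] = m.group("proc")
    return fields


def correlate(lines: List[str]) -> List[str]:
    """Return one alert per (host, source IP) session where an Acemanager login is
    followed, within WINDOW, by an ip_logging change and then a shell spawned by
    acemanager. Sessions that stop short of the shell spawn produce no alert."""
    alerts: List[str] = []
    failures: Dict[tuple, int] = {}   # (host, src) -> failed logins before success
    sessions: Dict[tuple, dict] = {}  # (host, src) -> state of the latest login
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        host, proc, kind = ev["host"], ev["proc"], ev.get("event")
        key = (host, ev.get("src"))
        if proc == "acemanager" and kind == "auth_failure":
            failures[key] = failures.get(key, 0) + 1
        elif proc == "acemanager" and kind == "auth_success":
            sessions[key] = {"user": ev.get("user"), "login": ev["ts"],
                             "failures": failures.pop(key, 0), "ip_logging": None}
        elif (proc == "acemanager" and kind == "config_change"
              and ev.get("resource") == "ip_logging"):
            s = sessions.get(key)
            if s and ev["ts"] - s["login"] <= WINDOW:
                s["ip_logging"] = ev["ts"]
        elif kind == "shell_spawn" and ev.get("parent") == "acemanager":
            # Kernel events carry no client IP, so attribute the spawn to any session
            # on this host whose ip_logging change happened within the window.
            for (h, src), s in sessions.items():
                if h == host and s["ip_logging"] and ev["ts"] - s["ip_logging"] <= WINDOW:
                    alerts.append(
                        "%s: %s@%s logged in after %d failed attempts, changed ip_logging, "
                        "then acemanager spawned %s at %s"
                        % (host, s["user"], src, s["failures"], ev.get("cmd"),
                           ev["ts"].isoformat()))
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGS):
        print(alert)
```

On the constructed sample this fires once, for the admin session from 203.0.113.7, and stays silent for the ops session that changed IP logging without any shell being spawned afterwards; tune WINDOW to how quickly your operators normally move between login and configuration changes.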
