Hardcoded SSL Certificate and Private Key Vulnerability in ALEOS

Hardcoded SSL Certificate and Private Key Vulnerability in ALEOS

CVE-2023-40464 · MEDIUM Severity

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Several versions of ALEOS, including ALEOS 4.16.0, use a hardcoded SSL certificate and private key. An attacker with access to these items could potentially perform a man in the middle attack between the ACEManager client and ACEManager server.

Learn more about our Cis Benchmark Audit For Server Software.