CVE-2023-38319
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the FAS key entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://openwrt.org/docs/guide-user/services/captive-portal/opennds
- https://github.com/openNDS/openNDS/releases/tag/v10.1.3
- https://github.com/openNDS/openNDS/blob/master/ChangeLog
- https://www.forescout.com/resources/sierra21-vulnerabilities
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://openwrt.org/docs/guide-user/services/captive-portal/opennds
- https://github.com/openNDS/openNDS/releases/tag/v10.1.3
- https://github.com/openNDS/openNDS/blob/master/ChangeLog
- https://www.forescout.com/resources/sierra21-vulnerabilities
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.