CVE-2023-38317

Опубликовано: 26 янв. 2024

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the network interface name entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands.

Ссылки

https://github.com/openNDS/openNDS/blob/master/ChangeLog
Release Notes
https://github.com/openNDS/openNDS/releases/tag/v10.1.3
Release Notes
https://openwrt.org/docs/guide-user/services/captive-portal/opennds
Product
https://www.forescout.com/resources/sierra21-vulnerabilities
Exploit
Third Party Advisory
https://github.com/openNDS/openNDS/blob/master/ChangeLog
Release Notes
https://github.com/openNDS/openNDS/releases/tag/v10.1.3
Release Notes
https://openwrt.org/docs/guide-user/services/captive-portal/opennds
Product
https://www.forescout.com/resources/sierra21-vulnerabilities
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:opennds:opennds:*:*:*:*:*:*:*:*

Версия до 10.1.3 (исключая)

EPSS

Процентиль: 47%

0.00241

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-78

Связанные уязвимости

CVE-2023-38317

CVSS3: 9.8

ubuntu

около 2 лет назад

CVE-2023-38317

CVSS3: 9.8

debian

около 2 лет назад

An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize ...

GHSA-93h3-xr58-xwf6

CVSS3: 9.8

github

около 2 лет назад

EPSS

Процентиль: 47%

0.00241

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-78