CVE-2023-38323

Опубликовано: 26 янв. 2024

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the status path script entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands.

Ссылки

https://github.com/openNDS/openNDS/blob/master/ChangeLog
Release Notes
https://github.com/openNDS/openNDS/releases/tag/v10.1.3
Release Notes
https://openwrt.org/docs/guide-user/services/captive-portal/opennds
Product
https://www.forescout.com/resources/sierra21-vulnerabilities
Exploit
Third Party Advisory
https://github.com/openNDS/openNDS/blob/master/ChangeLog
Release Notes
https://github.com/openNDS/openNDS/releases/tag/v10.1.3
Release Notes
https://openwrt.org/docs/guide-user/services/captive-portal/opennds
Product
https://www.forescout.com/resources/sierra21-vulnerabilities
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:opennds:opennds:*:*:*:*:*:*:*:*

Версия до 10.1.3 (исключая)

EPSS

Процентиль: 47%

0.00241

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-78

Связанные уязвимости

CVE-2023-38323

CVSS3: 9.8

ubuntu

около 2 лет назад

CVE-2023-38323

CVSS3: 9.8

debian

около 2 лет назад

An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize ...

GHSA-c69w-p7cc-6h7c

CVSS3: 9.8

github

около 2 лет назад

EPSS

Процентиль: 47%

0.00241

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-78