ГлавнаяУязвимости → CVE-2023-38319
9.8критическая

CVE-2023-38319

Описание

An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the FAS key entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands.

Затрагиваемое ПО
Opennds Opennds
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/openNDS/openNDS/blob/master/ChangeLoghttps://github.com/openNDS/openNDS/releases/tag/v10.1.3https://openwrt.org/docs/guide-user/services/captive-portal/openndshttps://www.forescout.com/resources/sierra21-vulnerabilitieshttps://github.com/openNDS/openNDS/blob/master/ChangeLoghttps://github.com/openNDS/openNDS/releases/tag/v10.1.3https://openwrt.org/docs/guide-user/services/captive-portal/openndshttps://www.forescout.com/resources/sierra21-vulnerabilities