FKIE_CVE-2023-38314

Vulnerability from fkie_nvd - Published: 2023-11-17 06:15 - Updated: 2024-11-21 08:13
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a NULL pointer dereference in preauthenticated() that can be triggered with a crafted GET HTTP request with a missing redirect query string parameter. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition). Affected OpenNDS Captive Portal before version 10.1.2 fixed infixed in OpenWrt master, OpenWrt 23.05 and OpenWrt 22.03 on28. August 2023 by updating OpenNDS to version 10.1.3.
References
cve@mitre.orghttps://github.com/openNDS/openNDS/releases/tag/v10.1.2Release Notes, Vendor Advisory
cve@mitre.orghttps://github.com/openwrt/routing/commit/0b19771fb2dd81e7c428759610aed583171eed80
cve@mitre.orghttps://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006-v4/#sthash.2vJg3d85.rwx82g1C.dpbs
af854a3a-2127-422b-91ae-364da2661108https://github.com/openNDS/openNDS/releases/tag/v10.1.2Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/openwrt/routing/commit/0b19771fb2dd81e7c428759610aed583171eed80
af854a3a-2127-422b-91ae-364da2661108https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006-v4/#sthash.2vJg3d85.rwx82g1C.dpbs
Impacted products
Vendor Product Version
opennds captive_portal *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:opennds:captive_portal:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "41C7501E-5FCE-4728-A6DC-9DD6C0468496",
              "versionEndExcluding": "10.1.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a NULL pointer dereference in preauthenticated() that can be triggered with a crafted GET HTTP request with a missing redirect query string parameter. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition). Affected OpenNDS Captive Portal before version 10.1.2 fixed infixed in OpenWrt master, OpenWrt 23.05 and OpenWrt 22.03 on28. August 2023 by updating OpenNDS to version 10.1.3."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en OpenNDS Captive Portal antes de la versi\u00f3n 10.1.2. Tiene una desreferencia de puntero NULL en preauthentiated() que se puede activar con una solicitud GET HTTP manipulada con un par\u00e1metro de cadena de consulta de redireccionamiento faltante. La activaci\u00f3n de este problema provoca el bloqueo de OpenNDS (una condici\u00f3n de denegaci\u00f3n de servicio)."
    }
  ],
  "id": "CVE-2023-38314",
  "lastModified": "2024-11-21T08:13:18.600",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-11-17T06:15:33.530",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://github.com/openNDS/openNDS/releases/tag/v10.1.2"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/openwrt/routing/commit/0b19771fb2dd81e7c428759610aed583171eed80"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006-v4/#sthash.2vJg3d85.rwx82g1C.dpbs"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://github.com/openNDS/openNDS/releases/tag/v10.1.2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/openwrt/routing/commit/0b19771fb2dd81e7c428759610aed583171eed80"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006-v4/#sthash.2vJg3d85.rwx82g1C.dpbs"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.