FKIE_CVE-2023-38316

Vulnerability from fkie_nvd - Published: 2023-11-17 06:15 - Updated: 2024-11-21 08:13
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in OpenNDS Captive Portal before version 10.1.2. When the custom unescape callback is enabled, attackers can execute arbitrary OS commands by inserting them into the URL portion of HTTP GET requests. Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt master, OpenWrt 23.05 and OpenWrt 22.03 on 28. August 2023 by updating OpenNDS to version 10.1.3.
References
cve@mitre.orghttps://github.com/openNDS/openNDS/releases/tag/v10.1.2Release Notes, Vendor Advisory
cve@mitre.orghttps://github.com/openwrt/routing/commit/0b19771fb2dd81e7c428759610aed583171eed80
cve@mitre.orghttps://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006-v4/#sthash.2vJg3d85.rwx82g1C.dpbs
af854a3a-2127-422b-91ae-364da2661108https://github.com/openNDS/openNDS/releases/tag/v10.1.2Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/openwrt/routing/commit/0b19771fb2dd81e7c428759610aed583171eed80
af854a3a-2127-422b-91ae-364da2661108https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006-v4/#sthash.2vJg3d85.rwx82g1C.dpbs
Impacted products
Vendor Product Version
opennds captive_portal *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:opennds:captive_portal:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "41C7501E-5FCE-4728-A6DC-9DD6C0468496",
              "versionEndExcluding": "10.1.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in OpenNDS Captive Portal before version 10.1.2. When the custom unescape callback is enabled, attackers can execute arbitrary OS commands by inserting them into the URL portion of HTTP GET requests. Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt master, OpenWrt 23.05 and OpenWrt 22.03 on 28. August 2023 by updating OpenNDS to version 10.1.3."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en OpenNDS Captive Portal antes de la versi\u00f3n 10.1.2. Cuando la devoluci\u00f3n de llamada personalizada sin escape est\u00e1 habilitada, los atacantes pueden ejecutar comandos arbitrarios del sistema operativo insert\u00e1ndolos en la parte URL de las solicitudes HTTP GET."
    }
  ],
  "id": "CVE-2023-38316",
  "lastModified": "2024-11-21T08:13:18.900",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-11-17T06:15:33.617",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://github.com/openNDS/openNDS/releases/tag/v10.1.2"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/openwrt/routing/commit/0b19771fb2dd81e7c428759610aed583171eed80"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006-v4/#sthash.2vJg3d85.rwx82g1C.dpbs"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://github.com/openNDS/openNDS/releases/tag/v10.1.2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/openwrt/routing/commit/0b19771fb2dd81e7c428759610aed583171eed80"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006-v4/#sthash.2vJg3d85.rwx82g1C.dpbs"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-116"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.