Lucene search

Ubuntu.comUB:CVE-2023-38317

HistoryJan 26, 2024 - 12:00 a.m.

CVE-2023-38317

2024-01-2600:00:00

ubuntu.com

opennds

configuration file

os command execution

network interface

cve-2023-38317

unix

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

38.2%

JSON

An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the
network interface name entry in the configuration file, allowing attackers
that have direct or indirect access to this file to execute arbitrary OS
commands.

OSVersionArchitecturePackageVersionFilename
ubuntu24.04noarchopennds< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	24.04	noarch	opennds	< any	UNKNOWN

References

launchpad.net/bugs/cve/CVE-2023-38317

nvd.nist.gov/vuln/detail/CVE-2023-38317

security-tracker.debian.org/tracker/CVE-2023-38317

source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx

www.cve.org/CVERecord?id=CVE-2023-38317

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

38.2%

JSON

Related for UB:CVE-2023-38317