CVE-2023-38317: OS Command Injection
First published: Fri Jan 26 2024(Updated: )
An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the network interface name entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Opennds Opennds | <10.1.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-38317?
CVE-2023-38317 is considered a critical vulnerability due to its ability to allow arbitrary OS command execution.
How do I fix CVE-2023-38317?
To fix CVE-2023-38317, you should upgrade OpenNDS to version 10.1.3 or later.
Who is affected by CVE-2023-38317?
CVE-2023-38317 affects all versions of OpenNDS prior to 10.1.3.
Can CVE-2023-38317 be exploited remotely?
CVE-2023-38317 can potentially be exploited by attackers with direct or indirect access to the configuration file.
What are the consequences of CVE-2023-38317?
The consequences of CVE-2023-38317 include the possibility of an attacker executing arbitrary commands on the operating system.
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/first-publish-date
- agent/type
- agent/description
- agent/author
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/softwarecombine
- agent/tags
- agent/source
- vendor/opennds
- canonical/opennds opennds