CVE-2023-38318: OS Command Injection
First published: Fri Jan 26 2024(Updated: )
An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the gateway FQDN entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Opennds Opennds | <10.1.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-38318?
CVE-2023-38318 is classified as a high-severity vulnerability due to the potential for arbitrary OS command execution.
How do I fix CVE-2023-38318?
To fix CVE-2023-38318, upgrade OpenNDS to version 10.1.3 or later, which addresses this vulnerability.
What type of vulnerability is CVE-2023-38318?
CVE-2023-38318 is a command injection vulnerability caused by improper sanitization of the gateway FQDN entry in the configuration file.
Who is affected by CVE-2023-38318?
CVE-2023-38318 affects all versions of OpenNDS prior to version 10.1.3.
Can CVE-2023-38318 be exploited remotely?
Yes, CVE-2023-38318 can be exploited by attackers with either direct or indirect access to the configuration file.
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/first-publish-date
- agent/description
- agent/type
- agent/author
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/softwarecombine
- agent/tags
- agent/source
- vendor/opennds
- canonical/opennds opennds