CVE-2023-38319: OS Command Injection
First published: Fri Jan 26 2024(Updated: )
An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the FAS key entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenNDS | <10.1.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-38319?
CVE-2023-38319 has a critical severity level due to the potential for remote command execution.
How do I fix CVE-2023-38319?
To fix CVE-2023-38319, update OpenNDS to version 10.1.3 or later.
What systems are affected by CVE-2023-38319?
CVE-2023-38319 affects OpenNDS versions prior to 10.1.3.
Can CVE-2023-38319 be exploited remotely?
Yes, CVE-2023-38319 can be exploited remotely if attackers can access the configuration file.
What type of vulnerability is CVE-2023-38319?
CVE-2023-38319 is a command injection vulnerability caused by improper sanitization of the FAS key in the configuration file.
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/first-publish-date
- agent/description
- agent/type
- agent/author
- agent/event
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/softwarecombine
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/opennds
- canonical/opennds