SB2023120810 - Multiple vulnerabilities in openNDS




Published: December 8, 2023

Security Bulletin ID: SB2023120810
Severity: High
Patch available: YES
Number of vulnerabilities: 7
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 14%, Medium: 86%

Description

This security bulletin contains information about 7 security vulnerabilities.


1) Cryptographic issues (CVE-ID: CVE-2023-38324)

The vulnerability allows a remote attacker to perform a man-in-the-middle (MitM) attack.

The vulnerability exists due to a logic issue when the default FAS key is used and openNDS is configured as FAS. A remote attacker can skip the splash page sequence and perform a MitM attack.


2) NULL pointer dereference (CVE-ID: CVE-2023-38322)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the do_binauth() function. A remote attacker can send a crafted HTTP GET request with a missing User-Agent HTTP header and perform a denial of service (DoS) attack.


3) NULL pointer dereference (CVE-ID: CVE-2023-38320)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the show_preauthpage() function. A remote attacker can send a crafted HTTP GET request with a missing User-Agent header and perform a denial of service (DoS) attack.


4) OS Command Injection (CVE-ID: CVE-2023-38316)

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation. A remote unauthenticated attacker can pass a specially crafted URL to the application and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


5) NULL pointer dereference (CVE-ID: CVE-2023-38315)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the try_to_authenticate() function. A remote attacker can send a crafted HTTP GET request with a missing client token query string parameter and perform a denial of service (DoS) attack.


6) NULL pointer dereference (CVE-ID: CVE-2023-38313)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the do_binauth() function. A remote attacker can send a crafted HTTP GET request with a missing client redirect query string parameter and perform a denial of service (DoS) attack.


7) NULL pointer dereference (CVE-ID: CVE-2023-38314)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the preauthenticated() function. A remote attacker can send a specially crafted HTTP GET request to the server and perform a denial of service (DoS) attack.


Remediation

Install the update from the vendor's website.