CVE-2023-38321
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Dec 25, 2023
Updated: Jan 3, 2024
CWE ID 476
Summary
CVE-2023-38321 is a vulnerability affecting OpenNDS, a component used in Sierra Wireless ALEOS before version 4.17.0.12 and other products. This issue allows remote attackers to cause a denial of service by sending a malicious GET request to the /opennds_auth/ endpoint without a custom query string parameter and client-token. The absence of these parameters results in a NULL pointer dereference, causing the daemon to crash and leading to a Captive Portal outage.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Sierra Wireless ALEOS
Affected Vendors
- Sierra Wireless