CVE-2023-38321

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Dec 25, 2023
Updated: Jan 3, 2024
CWE ID 476

Summary

CVE-2023-38321 is a vulnerability affecting OpenNDS, a component used in Sierra Wireless ALEOS before version 4.17.0.12 and other products. This issue allows remote attackers to cause a denial of service by sending a malicious GET request to the /opennds_auth/ endpoint without a custom query string parameter and client-token. The absence of these parameters results in a NULL pointer dereference, causing the daemon to crash and leading to a Captive Portal outage.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Sierra Wireless ALEOS

Affected Vendors

  • Sierra Wireless