Security Advisory

CVE-2023-38321

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-12-25 00:00:00
Last updated 2024-08-02 17:39:12
Assigner mitre
State PUBLISHED

Description

OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference, daemon crash, and Captive Portal outage) via a GET request to /opennds_auth/ that lacks a custom query string parameter and client-token.