CVE-2023-39004

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 9, 2023

Updated: Oct 10, 2023

CWE ID 732

Summary

CVE-2023-39004 is a vulnerability affecting OPNsense Community Edition before 23.7 and Business Edition before 23.4.2. This issue stems from insecure permissions in the configuration directory (/conf/). An attacker can exploit this vulnerability to gain access to sensitive information, including the hashed root password. The potential consequence of this vulnerability is privilege escalation, making it crucial for affected users to apply the necessary patches as soon as possible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

OPNsense

Affected Vendors

Opnsense

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sG6bbZ
https://www.cve.org/CVERecord?id=CVE-2023-39004
https://nvd.nist.gov/vuln/detail/CVE-2023-39004

Back to Vulnerability Database