CVE-2023-39005

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Aug 9, 2023

Updated: Oct 10, 2023

CWE ID 732

Summary

CVE-2023-39005: OPNsense Community Edition and Business Edition versions prior to 23.7 and 23.4.2, respectively, suffer from insecure permissions for the configd.socket file. An attacker with local access could exploit this vulnerability to gain elevated privileges, potentially leading to unauthorized system modifications or data theft. Users are strongly advised to apply the relevant security patches as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

OPNsense

Affected Vendors

Opnsense

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sG6MHZ
https://www.cve.org/CVERecord?id=CVE-2023-39005
https://nvd.nist.gov/vuln/detail/CVE-2023-39005

Back to Vulnerability Database