CVE-2023-39006

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Aug 9, 2023

Updated: Oct 10, 2023

CWE ID 79

Summary

CVE-2023-39006 refers to a vulnerability affecting the Crash Reporter component in OPNsense Community Edition up to 23.7 and Business Edition up to 23.4.2. This issue involves inadequate input sanitization in crash_reporter.php, which can lead to arbitrary code execution. Successful exploitation may result in unauthorized access, data theft, or system compromise. Users are advised to update their OPNsense installations as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

OPNsense

Affected Vendors

Opnsense

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sG6bbz
https://www.cve.org/CVERecord?id=CVE-2023-39006
https://nvd.nist.gov/vuln/detail/CVE-2023-39006

Back to Vulnerability Database