Vulnerabilities (CVE)

Filtered by vendor Opnsense
Filtered by product Opnsense
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-39004 1 Opnsense 1 Opnsense 2023-08-15 N/A 9.8 CRITICAL
Insecure permissions in the configuration directory (/conf/) of OPNsense before 23.7 allow attackers to access sensitive information (e.g., hashed root password) which could lead to privilege escalation.
CVE-2023-38997 1 Opnsense 1 Opnsense 2023-08-15 N/A 9.8 CRITICAL
A directory traversal vulnerability in the Captive Portal templates of OPNsense before 23.7 allows attackers to execute arbitrary system commands as root via a crafted ZIP archive.
CVE-2023-39001 1 Opnsense 1 Opnsense 2023-08-15 N/A 9.8 CRITICAL
A command injection vulnerability in the component diag_backup.php of OPNsense before 23.7 allows attackers to execute arbitrary commands via a crafted backup configuration file.
CVE-2023-39008 1 Opnsense 1 Opnsense 2023-08-14 N/A 9.8 CRITICAL
A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense before 23.7 allows attackers to execute arbitrary system commands.
CVE-2023-39007 1 Opnsense 1 Opnsense 2023-08-11 N/A 9.6 CRITICAL
/ui/cron/item/open in the Cron component of OPNsense before 23.7 allows XSS.