CVE-2023-39004

Description

Insecure permissions in the configuration directory (/conf/) of OPNsense before 23.7 allow attackers to access sensitive information (e.g., hashed root password) which could lead to privilege escalation.

Related CPE's

a opnsense opnsense ********

References

https://logicaltrust.net/blog/2023/08/opnsense.html

ExploitThird Party Advisory

http://opnsense.com

Product

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics

Created by Yello

About Severity.io