CVE-2023-39004

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 9, 2023
Updated: Oct 10, 2023
CWE ID 732

Summary

CVE-2023-39004 is a vulnerability affecting OPNsense Community Edition before 23.7 and Business Edition before 23.4.2. This issue stems from insecure permissions in the configuration directory (/conf/). An attacker can exploit this vulnerability to gain access to sensitive information, including the hashed root password. The potential consequence of this vulnerability is privilege escalation, making it crucial for affected users to apply the necessary patches as soon as possible.
