exploitDog

CVE-2023-39004

Опубликовано: 09 авг. 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Insecure permissions in the configuration directory (/conf/) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allow attackers to access sensitive information (e.g., hashed root password) which could lead to privilege escalation.

Ссылки

http://opnsense.com
Product
https://logicaltrust.net/blog/2023/08/opnsense.html
Exploit
Third Party Advisory
http://opnsense.com
Product
https://logicaltrust.net/blog/2023/08/opnsense.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:opnsense:opnsense:*:*:*:*:*:*:*:*

Версия до 23.7 (исключая)

EPSS

Процентиль: 31%

0.00116

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-732

Связанные уязвимости

GHSA-g5mw-r3hw-p72x

CVSS3: 9.8

github

больше 2 лет назад

Insecure permissions in the configuration directory (/conf/) of OPNsense before 23.7 allow attackers to access sensitive information (e.g., hashed root password) which could lead to privilege escalation.

EPSS

Процентиль: 31%

0.00116

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-732