Opnsense

Opnsense

36 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2023-39008

Exploit
  • EPSS 5.14%
  • Veröffentlicht 09.08.2023 19:15:15
  • Zuletzt bearbeitet 21.11.2024 08:14:36

A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands.

9.6

CVE-2023-39007

Exploit
  • EPSS 54.15%
  • Veröffentlicht 09.08.2023 19:15:15
  • Zuletzt bearbeitet 21.11.2024 08:14:36

/ui/cron/item/open in the Cron component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows XSS via openAction in app/controllers/OPNsense/Cron/ItemController.php.

5.4

CVE-2023-39006

Exploit
  • EPSS 0.12%
  • Veröffentlicht 09.08.2023 19:15:15
  • Zuletzt bearbeitet 21.11.2024 08:14:36

The Crash Reporter (crash_reporter.php) component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 mishandles input sanitization.

7.5

CVE-2023-39005

Exploit
  • EPSS 0.52%
  • Veröffentlicht 09.08.2023 19:15:15
  • Zuletzt bearbeitet 21.11.2024 08:14:36

Insecure permissions exist for configd.socket in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2.

9.8

CVE-2023-39004

Exploit
  • EPSS 0.14%
  • Veröffentlicht 09.08.2023 19:15:15
  • Zuletzt bearbeitet 21.11.2024 08:14:36

Insecure permissions in the configuration directory (/conf/) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allow attackers to access sensitive information (e.g., hashed root password) which could lead to privilege escal...

6.1

CVE-2023-39002

Exploit
  • EPSS 23.58%
  • Veröffentlicht 09.08.2023 19:15:14
  • Zuletzt bearbeitet 21.11.2024 08:14:36

A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

7.2

CVE-2023-38997

Exploit
  • EPSS 0.98%
  • Veröffentlicht 09.08.2023 19:15:14
  • Zuletzt bearbeitet 21.11.2024 08:14:35

A directory traversal vulnerability in the Captive Portal templates of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands as root via a crafted ZIP archive.

6.1

CVE-2023-38998

Exploit
  • EPSS 0.2%
  • Veröffentlicht 09.08.2023 19:15:14
  • Zuletzt bearbeitet 21.11.2024 08:14:35

An open redirect in the Login page of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL.

6.5

CVE-2023-38999

Exploit
  • EPSS 0.15%
  • Veröffentlicht 09.08.2023 19:15:14
  • Zuletzt bearbeitet 21.11.2024 08:14:35

A Cross-Site Request Forgery (CSRF) in the System Halt API (/system/halt) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to cause a Denial of Service (DoS) via a crafted GET request.

6.1

CVE-2023-39000

Exploit
  • EPSS 0.24%
  • Veröffentlicht 09.08.2023 19:15:14
  • Zuletzt bearbeitet 21.11.2024 08:14:35

A reflected cross-site scripting (XSS) vulnerability in the component /ui/diagnostics/log/core/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to inject arbitrary JavaScript via the URL path.