COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2023-39004

CVE-2023-39004

Severity
critical
Source
NVD · cve
Published
2023-08-09
CVSS
9.8
Reference
https://nvd.nist.gov/vuln/detail/CVE-2023-39004
shame 35/100

Insecure permissions in the configuration directory (/conf/) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allow attackers to access sensitive information (e.g., hashed root password) which could lead to privilege escalation.

Players implicated

opnsense · vendoropnsense · product

Description

Insecure permissions in the configuration directory (/conf/) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allow attackers to access sensitive information (e.g., hashed root password) which could lead to privilege escalation.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.