Vulnerabilities > Opnsense

DATE CVE VULNERABILITY TITLE RISK
2023-08-09 CVE-2023-39004 Incorrect Permission Assignment for Critical Resource vulnerability in Opnsense
Insecure permissions in the configuration directory (/conf/) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allow attackers to access sensitive information (e.g., hashed root password) which could lead to privilege escalation.
network
low complexity
opnsense CWE-732
critical
9.8
2023-08-09 CVE-2023-39005 Incorrect Permission Assignment for Critical Resource vulnerability in Opnsense
Insecure permissions exist for configd.socket in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2.
network
low complexity
opnsense CWE-732
7.5
2023-08-09 CVE-2023-39006 Cross-site Scripting vulnerability in Opnsense
The Crash Reporter (crash_reporter.php) component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 mishandles input sanitization.
network
low complexity
opnsense CWE-79
5.4
2023-08-09 CVE-2023-39007 Cross-site Scripting vulnerability in Opnsense
/ui/cron/item/open in the Cron component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows XSS via openAction in app/controllers/OPNsense/Cron/ItemController.php.
network
low complexity
opnsense CWE-79
critical
9.6
2023-08-09 CVE-2023-39008 Command Injection vulnerability in Opnsense
A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands.
network
low complexity
opnsense CWE-77
critical
9.8
2021-11-08 CVE-2021-42770 Cross-site Scripting vulnerability in Opnsense
A Cross-site scripting (XSS) vulnerability was discovered in OPNsense before 21.7.4 via the LDAP attribute return in the authentication tester.
network
low complexity
opnsense CWE-79
6.1
2021-05-03 CVE-2020-23015 Open Redirect vulnerability in Opnsense
An open redirect issue was discovered in OPNsense through 20.1.5.
network
low complexity
opnsense CWE-601
6.1
2019-06-17 CVE-2018-18958 Improper Access Control vulnerability in Opnsense
OPNsense 18.7.x before 18.7.7 has Incorrect Access Control.
network
low complexity
opnsense CWE-284
6.5
2019-05-20 CVE-2019-11816
Incorrect access control in the WebUI in OPNsense before version 19.1.8, and pfSense before 2.4.4-p3, allows remote authenticated users to escalate privileges to administrator via a specially crafted request.
network
low complexity
netgate opnsense
7.2