Vulnerabilities > Opnsense > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-23 | CVE-2023-27152 | Improper Restriction of Excessive Authentication Attempts vulnerability in Opnsense 23.1 DECISO OPNsense 23.1 does not impose rate limits for authentication, allowing attackers to perform a brute-force attack to bypass authentication. | 9.8 |
| 2023-08-09 | CVE-2023-39001 | Command Injection vulnerability in Opnsense A command injection vulnerability in the component diag_backup.php of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary commands via a crafted backup configuration file. | 9.8 |
| 2023-08-09 | CVE-2023-39004 | Incorrect Permission Assignment for Critical Resource vulnerability in Opnsense Insecure permissions in the configuration directory (/conf/) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allow attackers to access sensitive information (e.g., hashed root password) which could lead to privilege escalation. | 9.8 |
| 2023-08-09 | CVE-2023-39007 | Cross-site Scripting vulnerability in Opnsense /ui/cron/item/open in the Cron component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows XSS via openAction in app/controllers/OPNsense/Cron/ItemController.php. | 9.6 |
| 2023-08-09 | CVE-2023-39008 | Command Injection vulnerability in Opnsense A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands. | 9.8 |