Opnsense 15.1 Security Vulnerabilities
Insecure permissions exist for configd.socket in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2.
CVSS Score: 7.5 | EPSS Score: 0.006 | Published: 2023-08-09
The Crash Reporter (crash_reporter.php) component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 mishandles input sanitization.
CVSS Score: 5.4 | EPSS Score: 0.001 | Published: 2023-08-09
/ui/cron/item/open in the Cron component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows XSS via openAction in app/controllers/OPNsense/Cron/ItemController.php.
CVSS Score: 9.6 | EPSS Score: 0.541 | Published: 2023-08-09
A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands.
CVSS Score: 9.8 | EPSS Score: 0.052 | Published: 2023-08-09
A directory traversal vulnerability in the Captive Portal templates of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands as root via a crafted ZIP archive.
CVSS Score: 7.2 | EPSS Score: 0.01 | Published: 2023-08-09
An open redirect in the Login page of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2023-08-09
A Cross-Site Request Forgery (CSRF) in the System Halt API (/system/halt) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to cause a Denial of Service (DoS) via a crafted GET request.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2023-08-09
A reflected cross-site scripting (XSS) vulnerability in the component /ui/diagnostics/log/core/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to inject arbitrary JavaScript via the URL path.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2023-08-09
A command injection vulnerability in the component diag_backup.php of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary commands via a crafted backup configuration file.
CVSS Score: 9.8 | EPSS Score: 0.055 | Published: 2023-08-09
A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS Score: 6.1 | EPSS Score: 0.236 | Published: 2023-08-09

