Insecure Permissions in OPNsense Configuration Directory: Privilege Escalation Vulnerability

CVE-2023-39004 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Insecure permissions in the configuration directory (/conf/) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allow attackers to access sensitive information (e.g., hashed root password) which could lead to privilege escalation.
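
A defender-side check for the condition described above, added here as an example and not taken from the advisory or from OPNsense's own code: it lists entries under a configuration directory whose mode grants any access to accounts outside the owner and group. The `/conf` default is the path named in the advisory; the function names and the policy of flagging every "other" permission bit are assumptions.

```shell
#!/bin/sh
# Added example (not OPNsense code): audit a configuration directory for
# entries whose mode grants read, write or execute/traverse to "other".
# Function names are hypothetical; /conf is the path from the advisory.

# Print every non-symlink entry under $1 with any "other" bit set.
# Separate -perm tests are used because they work on both GNU and BSD find.
list_other_accessible() {
    find "$1" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Exit status: 0 = clean, 1 = findings, 2 = directory missing.
audit_conf_dir() {
    dir=${1:-/conf}
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi
    findings=$(list_other_accessible "$dir")
    if [ -n "$findings" ]; then
        echo "entries under $dir accessible to other accounts:"
        # Show mode and ownership so the finding can be triaged directly.
        # Paths containing newlines are not handled by this loop.
        echo "$findings" | while IFS= read -r path; do
            ls -ld "$path"
        done
        return 1
    fi
    echo "no entries under $dir are accessible to other accounts"
    return 0
}

# Run the audit only when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_conf_dir "$1"
fi
```

Run it as `sh audit.sh /conf` on the appliance; a non-zero exit status makes it usable from a scheduled compliance check.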
