Shodan
Vulnerabilities
Vulnerable Software
Opnsense:  >> Opnsense  >> 15.1.10.2  Security Vulnerabilities
CVE-2023-44275
OPNsense before 23.7.5 allows XSS via the index.php column_count parameter to the Lobby Dashboard.
CVSS Score
5.4
EPSS Score
0.003
Published
2023-09-28
CVE-2023-44276
OPNsense before 23.7.5 allows XSS via the index.php sequence parameter to the Lobby Dashboard.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-09-28
CVE-2023-39004
Insecure permissions in the configuration directory (/conf/) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allow attackers to access sensitive information (e.g., hashed root password) which could lead to privilege escalation.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-08-09
CVE-2023-39005
Insecure permissions exist for configd.socket in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2.
CVSS Score
7.5
EPSS Score
0.005
Published
2023-08-09
CVE-2023-39006
The Crash Reporter (crash_reporter.php) component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 mishandles input sanitization.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-08-09
CVE-2023-39007
/ui/cron/item/open in the Cron component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows XSS via openAction in app/controllers/OPNsense/Cron/ItemController.php.
CVSS Score
9.6
EPSS Score
0.476
Published
2023-08-09
CVE-2023-39008
A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands.
CVSS Score
9.8
EPSS Score
0.046
Published
2023-08-09
CVE-2023-38997
A directory traversal vulnerability in the Captive Portal templates of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands as root via a crafted ZIP archive.
CVSS Score
7.2
EPSS Score
0.005
Published
2023-08-09
CVE-2023-38998
An open redirect in the Login page of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL.
CVSS Score
6.1
EPSS Score
0.002
Published
2023-08-09
CVE-2023-38999
A Cross-Site Request Forgery (CSRF) in the System Halt API (/system/halt) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to cause a Denial of Service (DoS) via a crafted GET request.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-08-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved