Insecure permissions in the configuration directory (/conf/) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allow attackers to access sensitive information (e.g., hashed root password) which could lead to privilege escalation.
{
"cna_assigner": "mitre",
"unresolved_ranges": [
{
"source": "DESCRIPTION",
"extracted_events": [
{
"fixed": "23.7"
},
{
"fixed": "23.4.2"
}
]
}
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/39xxx/CVE-2023-39004.json"
}