Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-38997


A directory traversal vulnerability in the Captive Portal templates of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands as root via a crafted ZIP archive.


Published

2023-08-09T19:15:14.593

Last Modified

2024-11-21T08:14:35.247

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.2 (HIGH)

Weaknesses
  • Type: Primary
    CWE-22

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application opnsense opnsense < 23.7 Yes

References