CVE-2023-39004 Information

Description

Insecure permissions in the configuration directory (/conf/) of OPNsense before 23.7 allow attackers to access sensitive information (e.g. hashed root password) which could lead to privilege escalation.

Reference

https://logicaltrust.net/blog/2023/08/opnsense.html http://opnsense.com