Opnsense: community verdicts
2 notable / known-exploited Opnsense CVEs the community has triaged.
ⓘ Not an exhaustive list: we focus on the findings that matter (exploited / notable). For every Opnsense CVE, see NVD ↗.
- CVE-2023-39004CRIT 9.8Real · low riskEPSS 1%
Insecure permissions in the configuration directory (/conf/) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allow attackers to access sensitive information (e.g., hashed root password) which could lead to privilege escalation.
- CVE-2023-39003HIGH 7.5Real · low riskEPSS 1%
OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 was discovered to contain insecure permissions in the directory /tmp.