Lucene search
MitreCVE-2023-38999HistoryAug 09, 2023 - 7:15 p.m.
CVE-2023-38999
2023-08-0919:15:14
CWE-352
mitre
web.nvd.nist.gov
2607
cve-2023-38999
cross-site request forgery
csrf
system halt api
opnsense
denial of service
dos
nvd
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
25.9%
A Cross-Site Request Forgery (CSRF) in the System Halt API (/system/halt) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to cause a Denial of Service (DoS) via a crafted GET request.
Affected configurations
Node
opnsenseopnsenseRange<23.7
Related
osv
osv
CVE-2023-38999
2023-08-09 19:15:14
nvd
nvd
CVE-2023-38999
2023-08-09 19:15:14
prion
prion
Cross site request forgery (csrf)
2023-08-09 19:15:00
cvelist
cvelist
CVE-2023-38999
2023-08-09 00:00:00
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
25.9%
Related for CVE-2023-38999