CVE-2023-38997

2023-08-0900:00:00

mitre

www.cve.org

captive portal

opnsense

zip archive

arbitrary commands

0.001 Low

EPSS

Percentile

21.7%

JSON

A directory traversal vulnerability in the Captive Portal templates of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands as root via a crafted ZIP archive.

References

github.com/opnsense/core/commit/448762d440b51574f1906c0ec2f5ea6dc4f16eb2

logicaltrust.net/blog/2023/08/opnsense.html

0.001 Low

EPSS

Percentile

21.7%

JSON

Related for CVELIST:CVE-2023-38997