CVE-2023-38997: Path Traversal
First published: Wed Aug 09 2023(Updated: )
A directory traversal vulnerability in the Captive Portal templates of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands as root via a crafted ZIP archive.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OPNsense OPNsense | <23.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this OPNsense vulnerability?
The vulnerability ID for this OPNsense vulnerability is CVE-2023-38997.
What is the severity of CVE-2023-38997?
The severity of CVE-2023-38997 is critical with a CVSS score of 9.8.
How does the directory traversal vulnerability in OPNsense before 23.7 affect the system?
The directory traversal vulnerability in OPNsense before 23.7 allows attackers to execute arbitrary system commands as root.
What software version is affected by CVE-2023-38997?
The OPNsense software version up to exclusive version 23.7 is affected by CVE-2023-38997.
How can I fix the directory traversal vulnerability in OPNsense?
To fix the directory traversal vulnerability in OPNsense, update to version 23.7 or later.
- agent/references
- agent/author
- agent/type
- agent/remedy
- agent/weakness
- agent/severity
- agent/description
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/event
- agent/source
- vendor/opnsense
- canonical/opnsense opnsense