CVE-2023-38997

Name of the Vulnerable Software and Affected Versions OPNsense Community Edition versions prior to 23.7 OPNsense Business Edition versions prior to 23.4.2

Description A directory traversal vulnerability exists in the Captive Portal templates of OPNsense, allowing attackers to execute arbitrary system commands as root via a crafted ZIP archive. This issue arises due to incorrect restriction of the directory path name with limited access. Exploitation of this vulnerability may enable a remote attacker to execute arbitrary commands with root privileges using a specially crafted ZIP archive.

Recommendations For OPNsense Community Edition versions prior to 23.7, update to version 23.7 or later to resolve the issue. For OPNsense Business Edition versions prior to 23.4.2, update to version 23.4.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the Captive Portal templates until a patch is available.