CVE-2019-11816 — Opnsense vulnerability

2 documents2 sources

Severity

7.2HIGHNVD

EPSS

2.1%

top 15.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Opnsense Netgate Pfsense

Timeline

PublishedMay 20

Latest updateMay 24

Description

Incorrect access control in the WebUI in OPNsense before version 19.1.8, and pfsense before 2.4.4-p3 allows remote authenticated users to escalate privileges to administrator via a specially crafted request.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

▶NVDopnsense/opnsense< 19.1.8

▶NVDnetgate/pfsense2.4.4+1

🔴Vulnerability Details

GHSA

GHSA-m83v-2qcx-3x2w: Incorrect access control in the WebUI in OPNsense before version 19↗2022-05-24

▶