So I've upgraded from 22 to 23 and says on latest version 23.1.1_2 yet when checking security audit under updates it's still returning the following
***GOT REQUEST TO AUDIT SECURITY***
Currently running OPNsense 23.1.1_2 at Sun Mar 5 11:50:38 GMT 2023
vulnxml file up-to-date
strongswan-5.9.9_1 is vulnerable:
strongSwan -- certificate verification vulnerability
CVE: CVE-2023-26463
WWW: https://vuxml.FreeBSD.org/freebsd/3f9b6943-ba58-11ed-bbbd-00e0670f2660.html
1 problem(s) in 1 installed package(s) found.
***DONE***
the vunerability reports the following
A vulnerability related to certificate verification in TLS-based EAP methods was discovered in strongSwan that results in a denial of service but possibly even remote code execution. Versions 5.9.8 and 5.9.9 may be affected.
If we don't use the vpn's within OpnSense, do we need to be worried