CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2019-12584
https://notcve.org/view.php?id=CVE-2019-12584
Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an XSS issue in apcupsd_status.php. Apcupsd versión 0.3.91_5, como es usado en pfSense hasta versión 2.4.4-RELEASE-p3 y otros productos, tiene un problema de tipo Cross-Site Scripting (XSS) en el archivo apcupsd_status.php. • https://ctrsec.io/index.php/2019/05/28/cve-2019-12584-12585-command-injection-vulnerability-on-pfsense-2-4-4-release-p3 https://github.com/pfsense/FreeBSD-ports/commit/b492c0ea47aba8dde2f14183e71498ba207594e3 https://redmine.pfsense.org/issues/9556 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2019-11816
https://notcve.org/view.php?id=CVE-2019-11816
Incorrect access control in the WebUI in OPNsense before version 19.1.8, and pfsense before 2.4.4-p3 allows remote authenticated users to escalate privileges to administrator via a specially crafted request. El control de acceso incorrecto en la WebUI en OPNsense antes de la versión 19.1.8, y pfsense antes de 2.4.4-p3 permite a los usuarios autenticados remotos escalar los privilegios a administrador a través de una solicitud especialmente diseñada. • https://forum.opnsense.org/index.php?topic=12787.0 https://www.netgate.com/blog/pfsense-2-4-4-release-p3-now-available.html •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16055
https://notcve.org/view.php?id=CVE-2018-16055
An authenticated command injection vulnerability exists in status_interfaces.php via dhcp_relinquish_lease() in pfSense before 2.4.4 due to its passing user input from the $_POST parameters "ifdescr" and "ipv" to a shell without escaping the contents of the variables. This allows an authenticated WebGUI user with privileges for the affected page to execute commands in the context of the root user when submitting a request to relinquish a DHCP lease for an interface which is configured to obtain its address via DHCP. Existe una vulnerabilidad de inyección de comandos en status_interfaces.php por medio de dhcp_relinquish_lease() en pfSense en versiones anteriores a la 2.4.4 debido a que pasa entradas de usuario de los parámetros $_POST "ifdescr" y "ipv" a un shell sin escapar el contenido de las variables. Esto permite que un usuario de la WebGUI autenticado con privilegios en la página afectada ejecute comandos en el contexto del usuario root al enviar una solicitud para renunciar a una asignación DHCP para una interfaz que está configurada para obtener su dirección mediante DHCP. • https://doddsecurity.com/190/command-injection-on-pfsense-firewalls https://www.pfsense.org/security/advisories/pfSense-SA-18_08.webgui.asc • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 49%CPEs: 1EXPL: 3CVE-2016-10709
https://notcve.org/view.php?id=CVE-2016-10709
pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php. pfSense, en versiones anteriores a la 2.3, permite que usuarios autenticados remotos ejecuten comandos arbitrarios del sistema operativo mediante un carácter "|" en el parámetro de gráfica status_rrd_graph_img.php, relacionado con _rrd_graph_img.php. • https://www.exploit-db.com/exploits/39709 https://www.pfsense.org/security/advisories/pfSense-SA-16_01.webgui.asc https://www.rapid7.com/db/modules/exploit/unix/http/pfsense_graph_injection_exec https://www.security-assessment.com/files/documents/advisory/pfsenseAdvisory.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 3CVE-2017-1000479 – Clickjacking Vulnerability In CSRF Error Page pfSense
https://notcve.org/view.php?id=CVE-2017-1000479
pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Frame-Options header is set. This is fixed in 2.4.2-RELEASE. OPNsense, a 2015 fork of pfSense, was not vulnerable since version 16.1.16 released on June 06, 2016. The unprotected web form was removed from the code during an internal security audit under "possibly insecure" suspicions. pfSense, en sus versiones 2.4.1 y anteriores, es vulnerable a ataques de secuestro de clics en la página de error CSRF. Esto resulta en la ejecución con privilegios de código arbitrario. • http://www.openwall.com/lists/oss-security/2017/11/22/7 https://doc.pfsense.org/index.php/2.4.2_New_Features_and_Changes https://github.com/opnsense/core/commit/d218b225 https://github.com/pfsense/pfsense/commit/386d89b07 https://www.netgate.com/blog/pfsense-2-4-2-release-p1-and-2-3-5-release-p1-now-available.html https://www.securify.nl/en/advisory/SFY20171101/clickjacking-vulnerability-in-csrf-error-page-pfsense.html https://securify.nl/en/advisory/SFY20171101/clickjacking-vuln • CWE-352: Cross-Site Request Forgery (CSRF) •