Page 7 of 58 results (0.012 seconds)

CVSS: 7.2EPSS: 19%CPEs: 1EXPL: 1

An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated POST requests to the administration web interface. Command injection is possible in the `powerd_normal_mode` parameter. Existe una vulnerabilidad de inyección de comandos explotable en la manera en la que Netgate pfSense CE 2.4.4-RELEASE procesa los parámetros de una petición POST específica. • https://talosintelligence.com/vulnerability_reports/TALOS-2018-0690 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 7.2EPSS: 19%CPEs: 1EXPL: 1

An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated POST requests to the administration web interface. Command injection is possible in the `powerd_ac_mode` POST parameter parameter. Existe una vulnerabilidad de inyección de comandos explotable en la manera en la que Netgate pfSense CE 2.4.4-RELEASE procesa los parámetros de una petición POST específica. • https://talosintelligence.com/vulnerability_reports/TALOS-2018-0690 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0

An authenticated command injection vulnerability exists in status_interfaces.php via dhcp_relinquish_lease() in pfSense before 2.4.4 due to its passing user input from the $_POST parameters "ifdescr" and "ipv" to a shell without escaping the contents of the variables. This allows an authenticated WebGUI user with privileges for the affected page to execute commands in the context of the root user when submitting a request to relinquish a DHCP lease for an interface which is configured to obtain its address via DHCP. Existe una vulnerabilidad de inyección de comandos en status_interfaces.php por medio de dhcp_relinquish_lease() en pfSense en versiones anteriores a la 2.4.4 debido a que pasa entradas de usuario de los parámetros $_POST "ifdescr" y "ipv" a un shell sin escapar el contenido de las variables. Esto permite que un usuario de la WebGUI autenticado con privilegios en la página afectada ejecute comandos en el contexto del usuario root al enviar una solicitud para renunciar a una asignación DHCP para una interfaz que está configurada para obtener su dirección mediante DHCP. • https://doddsecurity.com/190/command-injection-on-pfsense-firewalls https://www.pfsense.org/security/advisories/pfSense-SA-18_08.webgui.asc • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.0EPSS: 49%CPEs: 1EXPL: 3

pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php. pfSense, en versiones anteriores a la 2.3, permite que usuarios autenticados remotos ejecuten comandos arbitrarios del sistema operativo mediante un carácter "|" en el parámetro de gráfica status_rrd_graph_img.php, relacionado con _rrd_graph_img.php. • https://www.exploit-db.com/exploits/39709 https://www.pfsense.org/security/advisories/pfSense-SA-16_01.webgui.asc https://www.rapid7.com/db/modules/exploit/unix/http/pfsense_graph_injection_exec https://www.security-assessment.com/files/documents/advisory/pfsenseAdvisory.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 2

pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Frame-Options header is set. This is fixed in 2.4.2-RELEASE. OPNsense, a 2015 fork of pfSense, was not vulnerable since version 16.1.16 released on June 06, 2016. The unprotected web form was removed from the code during an internal security audit under "possibly insecure" suspicions. pfSense, en sus versiones 2.4.1 y anteriores, es vulnerable a ataques de secuestro de clics en la página de error CSRF. Esto resulta en la ejecución con privilegios de código arbitrario. • http://www.openwall.com/lists/oss-security/2017/11/22/7 https://doc.pfsense.org/index.php/2.4.2_New_Features_and_Changes https://github.com/opnsense/core/commit/d218b225 https://github.com/pfsense/pfsense/commit/386d89b07 https://www.netgate.com/blog/pfsense-2-4-2-release-p1-and-2-3-5-release-p1-now-available.html https://www.securify.nl/en/advisory/SFY20171101/clickjacking-vulnerability-in-csrf-error-page-pfsense.html https://securify.nl/en/advisory/SFY20171101/clickjacking-vuln • CWE-352: Cross-Site Request Forgery (CSRF) •