CVE-2022-26019
 
Descriptions
Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change NTP GPS settings to rewrite existing files on the file system, which may result in arbitrary command execution.
SSVC
- Decision:-
Timeline
- 2022-03-06 CVE Reserved
- 2022-03-31 CVE Published
- 2024-06-22 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
References (2)
URL | Date | SRC |
---|---|---|
https://docs.netgate.com/downloads/pfSense-SA-22_01.webgui.asc | 2023-08-08 | |
https://jvn.jp/en/jp/JVN87751554/index.html | 2023-08-08 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Netgate | Pfsense | < 2.6.0 | - | Affected |
Netgate | Pfsense Plus | < 22.01 | - | Affected |