Rapid7 Vulnerability & Exploit Database

pfSense: pfSense-SA-14_15.webgui: Multiple Command Injection Vulnerabilities in the pfSense WebGUI

Back to Search

pfSense: pfSense-SA-14_15.webgui: Multiple Command Injection Vulnerabilities in the pfSense WebGUI

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
08/08/2014
Created
07/25/2018
Added
08/25/2017
Modified
03/27/2020

Description

Multiple Command Injection vulnerabilities were discovered in the pfSense WebGUI during a security audit. * Command Injection in diag_testport.php * Command Injection in services_dnsmasq.php A user granted limited access to the pfSense WebGUI including access to affected pages can leverage these vulnerabilities to gain increased privileges, read arbitrary files, execute commands, or perform other alterations. The srcport value passed via POST on diag_testport.php is not properly validated or sanitized. A specially-crafted string sent as the "srcport" value can trigger the vulnerability. The advanced options on the services_dnsmasq.php page are passed to dnsmasq as command line parameters and they are not properly validated or sanitized. A specially crafted string sent as the "custom_options" value can trigger the vulnerability.

Solution(s)

  • pfsense-upgrade-latest

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;