Rapid7 Vulnerability & Exploit Database

pfSense: pfSense-SA-15_04.webgui: Arbitrary file deletion vulnerability in the pfSense WebGUI

Back to Search

pfSense: pfSense-SA-15_04.webgui: Arbitrary file deletion vulnerability in the pfSense WebGUI

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
03/05/2015
Created
07/25/2018
Added
08/25/2017
Modified
03/27/2020

Description

A vulnerability was discovered in the pfSense WebGUI that could lead to arbitrary file deletion. Insufficient validation of the HTTP request origin and the "deletefile" HTTP GET parameter in the "/system_firmware_restorefullbackup.php" script can lead to arbitrary file deletion. A remote attacker can trick a log-in administrator into visiting a malicious page with CSRF exploit and delete arbitrary files on the target system with root privileges. Due to the lack of validation on the affected actions and pages, a CSRF attack could executed in the user's browser to trigger an unwanted action. Loading the "/system_firmware_restorefullbackup.php" page with the "deletefile" HTTP GET parameter defined deletes the specified file without CSRF protection, sanitizing the path, or other verification. Passing a relative path in the variable would allow deletion of an arbitrary file.

Solution(s)

  • pfsense-upgrade-latest

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;