vulnerability

pfSense: pfSense-SA-16_05.webgui: Arbitrary Code Execution

Severity
9
CVSS
(AV:N/AC:L/Au:S/C:C/I:C/A:C)
Published
May 24, 2016
Added
Aug 25, 2017
Modified
Feb 18, 2025

Description


Command-injection vulnerabilities exist in diag_smart.php and diag_routes.php.
These allow authenticated WebGUI users with privileges for diag_smart.php or
diag_routes.php to execute commands in the context of the root user.

A user on pfSense version 2.3.1 or earlier, granted limited access to the
pfSense web configurator GUI including access to diag_smart.php and
diag_routes.php via their associated privileges: "WebCfg - Diagnostics:
S.M.A.R.T. Status" and "WebCfg - Diagnostics: Routing Tables" respectively,
could leverage these vulnerabilities to gain increased privileges, read other
files, execute commands, or perform other alterations.

This is not relevant for admin-level users as there are other deliberate means
by which an administrator could run commands.

Solution

pfsense-upgrade-latest
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.