vulnerability
pfSense: pfSense-SA-16_07.webgui: Arbitrary Code Execution
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:L/Au:S/C:C/I:C/A:C) | Jun 9, 2016 | Aug 25, 2017 | Feb 18, 2025 |
Description
A command-injection vulnerability exists in pkg_mgr_install.php using the 'id'
parameter. This allows an authenticated WebGUI user with privileges for
pkg_mgr_install.php to execute commands in the context of the root user.
A user on pfSense version 2.3.1_1 or earlier, granted limited access to the
pfSense web configurator GUI including access to pkg_mgr_install.php could
leverage these vulnerabilities to gain increased privileges, read other files,
execute commands, or perform other alterations.
Some characters, such as '/' and '-' were filtered, which limits the number of
commands which could be executed using this vulnerability.
This is not relevant for admin-level users as there are other deliberate means
by which an administrator could run commands.
Solution
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.