Rapid7 Vulnerability & Exploit Database

pfSense: pfSense-SA-16_08.webgui: Arbitrary Code Execution

Back to Search

pfSense: pfSense-SA-16_08.webgui: Arbitrary Code Execution

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
06/09/2016
Created
07/25/2018
Added
08/25/2017
Modified
08/25/2017

Description

A command-injection vulnerability exists in auth.inc via system_groupmanager.php using the 'members' parameter. This allows an authenticated WebGUI user with privileges for system_groupmanager.php to execute commands in the context of the root user. A user on pfSense version 2.3.1_1 or earlier, granted limited access to the pfSense web configurator GUI including access to system_groupmanager.php could leverage these vulnerabilities to gain increased privileges, read other files, execute commands, or perform other alterations. Note users with access to the group manager almost always have full admin rights, and can grant themselves such rights if they do not already have them. This is not relevant for admin-level users as there are other deliberate means by which an administrator could run commands.

Solution(s)

  • pfsense-upgrade-latest

References

  • pfsense-upgrade-latest

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;