vulnerability

pfSense: pfSense-SA-18_08.webgui: Authenticated Arbitrary Code Execution

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:L/Au:S/C:C/I:C/A:C)	Aug 28, 2018	Sep 25, 2018	Dec 21, 2018

Severity

CVSS

(AV:N/AC:L/Au:S/C:C/I:C/A:C)

Published

Aug 28, 2018

Added

Sep 25, 2018

Modified

Dec 21, 2018

Description

An authenticated command injection vulnerability exists in status_interfaces.php via dhcp_relinquish_lease() in pfSense before 2.4.4 due to its passing user input from the $_POST parameters "ifdescr" and "ipv" to a shell without escaping the contents of the variables. This allows an authenticated WebGUI user with privileges for the affected page to execute commands in the context of the root user when submitting a request to relinquish a DHCP lease for an interface which is configured to obtain its address via DHCP.

Solution

pfsense-upgrade-latest

References

CVE-2018-16055
https://attackerkb.com/topics/CVE-2018-16055
URL-https://pfsense.org/security/advisories/pfSense-SA-18_08.webgui.asc
URL-https://www.netgate.com/docs/pfsense/development/system-patches.html
URL-https://www.netgate.com/docs/pfsense/install/upgrade-guide.html

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today