pfSense: pfSense-SA-19_06.webgui: Authenticated Arbitrary Code Execution in the WebGUI
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
9 | (AV:N/AC:L/Au:S/C:C/I:C/A:C) | May 20, 2019 | May 21, 2019 | Feb 18, 2025 |
Description
The OpenVPN server (vpn_openvpn_server.php), client (vpn_openvpn_client.php),
and client-specific override (vpn_openvpn_csc.php) pages on pfSense allow
authenticated administrators to enter custom advanced options which are passed
through as-is to the OpenVPN configuration file. These parameters can include
directives such as "up" which are able to run arbitrary binaries when specific
events occur in OpenVPN.
Allowing these advanced parameters is an intended feature. However, an
administrator who grants a lower-privilege user access to these pages may not
expect that the lower-privilege user can then use the advanced options to
execute arbitrary code.
An authenticated user granted access to these pages via their associated
privileges, either directly or via group membership, could leverage these
directives to gain elevated privileges and make arbitrary changes to the
firewall.
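One defensive check the description suggests is to audit the custom options text on these pages for directives that make OpenVPN execute programs. The following is an added example, not code from pfSense or the advisory; it assumes options are separated by newlines or semicolons, as in the pfSense textarea, and extends the advisory's "up" to the other program-executing directives documented in the OpenVPN manual.

```python
"""Audit OpenVPN custom-options text for directives that execute programs."""
import re
from dataclasses import dataclass

# OpenVPN directives that cause the daemon to run an external program or
# script when the corresponding event occurs. "up" is the one the advisory
# names; the rest come from the OpenVPN manual.
EXEC_DIRECTIVES = frozenset({
    "up", "down", "route-up", "route-pre-down", "ipchange",
    "client-connect", "client-disconnect", "learn-address",
    "auth-user-pass-verify", "tls-verify", "tls-crypt-v2-verify",
})


@dataclass(frozen=True)
class Finding:
    index: int        # position of the option within the custom-options text
    directive: str
    argument: str
    reason: str


def split_options(text: str) -> list[str]:
    # Assumption: pfSense accepts one option per line or ';'-separated options.
    return [part.strip() for part in re.split(r"[;\n]", text) if part.strip()]


def audit_custom_options(text: str) -> list[Finding]:
    """Return one Finding per option that enables or performs script execution."""
    findings: list[Finding] = []
    for index, option in enumerate(split_options(text)):
        if option.startswith("#"):          # comment line, nothing to check
            continue
        tokens = option.split(None, 1)
        directive = tokens[0].lstrip("-").lower()   # tolerate "--up" spelling
        argument = tokens[1] if len(tokens) > 1 else ""
        if directive in EXEC_DIRECTIVES:
            findings.append(Finding(index, directive, argument,
                                    "executes an external program on an OpenVPN event"))
        elif directive == "script-security":
            # Level 2 or higher is what permits user-defined scripts to run.
            level = int(argument.split()[0]) if argument.split()[:1] and argument.split()[0].isdigit() else -1
            if level >= 2:
                findings.append(Finding(index, directive, argument,
                                        "permits execution of user-defined scripts"))
    return findings


# Constructed sample input: three ordinary options plus the two that should be flagged.
SAMPLE_OPTIONS = ('push "route 10.8.0.0 255.255.255.0";\n'
                  "script-security 2;\nup /tmp/example.sh\n# comment\ncompress lz4")
```

Running `audit_custom_options(SAMPLE_OPTIONS)` flags the `script-security 2` and `up /tmp/example.sh` options and leaves the others alone, which is the review an administrator would want before delegating these pages.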
Solution
