vulnerability
pfSense: pfSense-SA-22_02.webgui: Multiple vulnerabilities in the WebGUI
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:L/Au:S/C:C/I:C/A:C) | Jan 12, 2022 | Oct 18, 2022 | Feb 18, 2025 |
Description
The diag_routes.php page in the pfSense CE and pfSense Plus software WebGUI
contains multiple vulnerabilities resulting from passing arbitrary user input in
the filter parameter as a pattern to the sed command. These problems are present
on pfSense CE version 2.5.2, pfSense Plus version 21.05.2, and earlier versions
of both.
The input passed to sed from the filter parameter was escaped to prevent direct
injection of shell commands but commands internal to sed patterns were still
possible (e.g. 'e', 'r', 'w'). By passing patterns to sed containing internal
sed command directives, the attacker could execute shell commands and read or
write arbitrary files.
An authenticated attacker with access the to affected page could execute
arbitrary shell commands, perform privilege escalation, information disclosure,
denial of service, or other negative outcomes.
Solution
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.