An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via weak password requirements.
Max CVSS
9.8
EPSS Score
0.76%
Published
2023-11-08
Updated
2023-11-16
Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows attackers to bypass brute force protection mechanisms via crafted web requests.
Max CVSS
9.8
EPSS Score
0.21%
Published
2023-03-22
Updated
2023-04-10
pfSense pfBlockerNG through 2.1.4_27 allows remote attackers to execute arbitrary OS commands as root via the HTTP Host header, a different vulnerability than CVE-2022-31814.
Max CVSS
9.8
EPSS Score
0.61%
Published
2022-12-20
Updated
2022-12-28

CVE-2021-41282

Public exploit
diag_routes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection mechanisms against command injection (i.e., the usage of the escapeshellarg function for the arguments) are used, it is still possible to inject sed-specific code and write an arbitrary file in an arbitrary location.
Max CVSS
9.0
EPSS Score
97.25%
Published
2022-03-01
Updated
2022-07-12

CVE-2016-10709

Public exploit
pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php.
Max CVSS
9.0
EPSS Score
49.34%
Published
2018-01-22
Updated
2018-02-09
5 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!