Search criteria
31 vulnerabilities by pfSense
CVE-2025-34178 (GCVE-0-2025-34178)
Vulnerability from cvelistv5 – Published: 2025-09-09 20:23 – Updated: 2025-11-20 12:22
VLAI?
Summary
In pfSense CE /suricata/suricata_app_parsers.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata package" permissions.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Netgate | pfSense CE |
Affected:
7.0.8_2
(custom)
|
Credits
Alex Williams (Pellera Technologies)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34178",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-10T14:04:10.380873Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T14:29:05.498Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Suricata",
"product": "pfSense CE",
"repo": "https://github.com/pfsense/FreeBSD-ports/tree/main",
"vendor": "Netgate",
"versions": [
{
"status": "affected",
"version": "7.0.8_2",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netgate:pfsense_plus:7.0.8_2:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alex Williams (Pellera Technologies)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: transparent;\"\u003eIn pfSense CE\u0026nbsp;\u003c/span\u003e\u003ctt\u003e\u003cspan style=\"background-color: transparent;\"\u003e/suricata/suricata_app_parsers.php\u003c/span\u003e\u003c/tt\u003e\u003cspan style=\"background-color: transparent;\"\u003e, the value of the \u003c/span\u003e\u003ctt\u003e\u003cspan style=\"background-color: transparent;\"\u003epolicy_name\u003c/span\u003e\u003c/tt\u003e\u003cspan style=\"background-color: transparent;\"\u003e parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least \"WebCfg - Services: suricata package\" permissions.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In pfSense CE\u00a0/suricata/suricata_app_parsers.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least \"WebCfg - Services: suricata package\" permissions."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T12:22:56.508Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/pfsense/FreeBSD-ports/commit/97852ccfd201b24ee542be30af81272485fde0b4"
},
{
"tags": [
"issue-tracking"
],
"url": "https://redmine.pfsense.org/issues/16414"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/netgate-pf-sense-ce-suricata-package-stored-xss"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Netgate pfSense CE Suricata package v7.0.8_2 Stored Cross-Site Scripting",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34178",
"datePublished": "2025-09-09T20:23:44.475Z",
"dateReserved": "2025-04-15T19:15:22.567Z",
"dateUpdated": "2025-11-20T12:22:56.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-34177 (GCVE-0-2025-34177)
Vulnerability from cvelistv5 – Published: 2025-09-09 20:19 – Updated: 2025-11-20 12:23
VLAI?
Summary
In pfSense CE /suricata/suricata_flow_stream.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata package" permissions.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Netgate | pfSense CE |
Affected:
7.0.8_2
(custom)
|
Credits
Alex Williams (Pellera Technologies)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34177",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-10T13:16:14.669013Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T13:16:21.629Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Suricata",
"product": "pfSense CE",
"repo": "https://github.com/pfsense/FreeBSD-ports/tree/main",
"vendor": "Netgate",
"versions": [
{
"status": "affected",
"version": "7.0.8_2",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netgate:pfsense_plus:7.0.8_2:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alex Williams (Pellera Technologies)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: transparent;\"\u003eIn pfSense CE\u0026nbsp;\u003c/span\u003e\u003ctt\u003e\u003cspan style=\"background-color: transparent;\"\u003e/suricata/suricata_flow_stream.php\u003c/span\u003e\u003c/tt\u003e\u003cspan style=\"background-color: transparent;\"\u003e, the value of the \u003c/span\u003e\u003ctt\u003e\u003cspan style=\"background-color: transparent;\"\u003epolicy_name\u003c/span\u003e\u003c/tt\u003e\u003cspan style=\"background-color: transparent;\"\u003e parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least \"WebCfg - Services: suricata package\" permissions.\u003c/span\u003e"
}
],
"value": "In pfSense CE\u00a0/suricata/suricata_flow_stream.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least \"WebCfg - Services: suricata package\" permissions."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T12:23:06.521Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/pfsense/FreeBSD-ports/commit/97852ccfd201b24ee542be30af81272485fde0b4"
},
{
"tags": [
"issue-tracking"
],
"url": "https://redmine.pfsense.org/issues/16414"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/netgate-pf-sense-ce-suricata-stored-xss"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Netgate pfSense CE Suricata package v7.0.8_2 Stored Cross-Site Scripting",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34177",
"datePublished": "2025-09-09T20:19:09.928Z",
"dateReserved": "2025-04-15T19:15:22.567Z",
"dateUpdated": "2025-11-20T12:23:06.521Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-34176 (GCVE-0-2025-34176)
Vulnerability from cvelistv5 – Published: 2025-09-09 20:14 – Updated: 2025-11-20 12:23
VLAI?
Summary
In pfSense CE /suricata/suricata_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related strings/characters. This value is directly used in a file existence check operation. While the contents of the file cannot be read, the server reveals whether the file exists, which enables an attacker to enumerate files on the target. The attacker must be authenticated with at least "WebCfg - Services: suricata package" permissions.
Severity ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Netgate | pfSense CE |
Affected:
7.0.8_2
(custom)
|
Credits
Alex Williams (Pellera Technologies)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34176",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-10T13:23:57.725858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T13:24:04.508Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Suricata",
"product": "pfSense CE",
"repo": "https://github.com/pfsense/FreeBSD-ports/tree/main",
"vendor": "Netgate",
"versions": [
{
"status": "affected",
"version": "7.0.8_2",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netgate:pfsense_plus:7.0.8_2:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alex Williams (Pellera Technologies)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: transparent;\"\u003eIn pfSense CE\u0026nbsp;\u003c/span\u003e\u003ctt\u003e\u003cspan style=\"background-color: transparent;\"\u003e/suricata/suricata_ip_reputation.php\u003c/span\u003e\u003c/tt\u003e\u003cspan style=\"background-color: transparent;\"\u003e, the value of the \u003c/span\u003e\u003ctt\u003e\u003cspan style=\"background-color: transparent;\"\u003eiplist\u003c/span\u003e\u003c/tt\u003e\u003cspan style=\"background-color: transparent;\"\u003e parameter is not sanitized of directory traversal-related strings/characters. This value is directly used in a file existence check operation. While the contents of the file cannot be read, the server reveals whether the file exists, which enables an attacker to enumerate files on the target. The attacker must be authenticated with at least \"WebCfg - Services: suricata package\" permissions.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In pfSense CE\u00a0/suricata/suricata_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related strings/characters. This value is directly used in a file existence check operation. While the contents of the file cannot be read, the server reveals whether the file exists, which enables an attacker to enumerate files on the target. The attacker must be authenticated with at least \"WebCfg - Services: suricata package\" permissions."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T12:23:14.723Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/pfsense/FreeBSD-ports/commit/97852ccfd201b24ee542be30af81272485fde0b4"
},
{
"tags": [
"issue-tracking"
],
"url": "https://redmine.pfsense.org/issues/16414"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/netgate-pf-sense-ce-suricata-directory-traversal-information-disclosure"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Netgate pfSense CE Suricata Package v7.0.8_2 Directory Traversal Information Disclosure",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34176",
"datePublished": "2025-09-09T20:14:37.899Z",
"dateReserved": "2025-04-15T19:15:22.567Z",
"dateUpdated": "2025-11-20T12:23:14.723Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-34175 (GCVE-0-2025-34175)
Vulnerability from cvelistv5 – Published: 2025-09-09 20:09 – Updated: 2025-11-20 12:23
VLAI?
Summary
In pfSense CE /usr/local/www/suricata/suricata_filecheck.php, the value of the filehash parameter is directly displayed without sanitizing for HTML-related characters/strings. This can result in reflected cross-site scripting if the victim is authenticated.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Netgate | pfSense CE |
Affected:
7.0.8_2
(custom)
|
Credits
Alex Williams (Pellera Technologies)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34175",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-09T20:20:29.625163Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T20:23:06.131Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Suricata",
"product": "pfSense CE",
"repo": "https://github.com/pfsense/FreeBSD-ports/tree/main",
"vendor": "Netgate",
"versions": [
{
"status": "affected",
"version": "7.0.8_2",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netgate:pfsense_plus:7.0.8_2:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alex Williams (Pellera Technologies)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In pfSense CE\u0026nbsp;\u003ctt\u003e\u003cspan style=\"background-color: transparent;\"\u003e/usr/local/www/suricata/suricata_filecheck.php\u003c/span\u003e\u003c/tt\u003e\u003cspan style=\"background-color: transparent;\"\u003e, the value of the \u003c/span\u003e\u003ctt\u003e\u003cspan style=\"background-color: transparent;\"\u003efilehash\u003c/span\u003e\u003c/tt\u003e\u003cspan style=\"background-color: transparent;\"\u003e parameter is directly displayed without sanitizing for HTML-related characters/strings. This can result in reflected cross-site scripting if the victim is authenticated.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In pfSense CE\u00a0/usr/local/www/suricata/suricata_filecheck.php, the value of the filehash parameter is directly displayed without sanitizing for HTML-related characters/strings. This can result in reflected cross-site scripting if the victim is authenticated."
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-591 Reflected XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T12:23:27.465Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/pfsense/FreeBSD-ports/commit/97852ccfd201b24ee542be30af81272485fde0b4"
},
{
"tags": [
"issue-tracking"
],
"url": "https://redmine.pfsense.org/issues/16414"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/netgate-pf-sense-ce-suricata-reflected-xss"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Netgate pfSense CE Suricata package v7.0.8_2 Reflected Cross-Site Scripting",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34175",
"datePublished": "2025-09-09T20:09:50.289Z",
"dateReserved": "2025-04-15T19:15:22.567Z",
"dateUpdated": "2025-11-20T12:23:27.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-34174 (GCVE-0-2025-34174)
Vulnerability from cvelistv5 – Published: 2025-09-09 20:02 – Updated: 2025-11-20 12:23
VLAI?
Summary
In pfSense CE /usr/local/www/status_traffic_totals.php, the value of the start-day parameter is not ensured to be a numeric value or sanitized of HTML-related characters/strings before being directly displayed in the input box. This value can be saved as the default value to be displayed to all users when visiting the Status Traffic Totals page, resulting in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Status: Traffic Totals" permissions.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Netgate | pfSense CE |
Affected:
2.3.2_7
(custom)
|
Credits
Alex Williams (Pellera Technologies)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34174",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-10T20:19:48.685403Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T20:19:56.046Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Status_Traffic_Totals",
"product": "pfSense CE",
"vendor": "Netgate",
"versions": [
{
"status": "affected",
"version": "2.3.2_7",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netgate:pfsense_plus:2.3.2_7:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alex Williams (Pellera Technologies)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: transparent;\"\u003eIn pfSense CE\u0026nbsp;\u003c/span\u003e\u003ctt\u003e\u003cspan style=\"background-color: transparent;\"\u003e/usr/local/www/status_traffic_totals.php\u003c/span\u003e\u003c/tt\u003e\u003cspan style=\"background-color: transparent;\"\u003e, the value of the \u003c/span\u003e\u003ctt\u003e\u003cspan style=\"background-color: transparent;\"\u003estart-day\u003c/span\u003e\u003c/tt\u003e\u003cspan style=\"background-color: transparent;\"\u003e parameter is not ensured to be a numeric value or sanitized of HTML-related characters/strings before being directly displayed in the input box. This value can be saved as the default value to be displayed to all users when visiting the Status Traffic Totals page, resulting in stored cross-site scripting. The attacker must be authenticated with at least \"WebCfg - Status: Traffic Totals\" permissions.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In pfSense CE\u00a0/usr/local/www/status_traffic_totals.php, the value of the start-day parameter is not ensured to be a numeric value or sanitized of HTML-related characters/strings before being directly displayed in the input box. This value can be saved as the default value to be displayed to all users when visiting the Status Traffic Totals page, resulting in stored cross-site scripting. The attacker must be authenticated with at least \"WebCfg - Status: Traffic Totals\" permissions."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T12:23:37.606Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/pfsense/FreeBSD-ports/commit/9e412edf62113303c36c7f7d5a48b0a3fb0be893"
},
{
"tags": [
"issue-tracking"
],
"url": "https://redmine.pfsense.org/issues/16413"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/netgate-pf-sense-ce-status-traffic-totals-stored-xss"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Netgate pfSense CE Status_Traffic_Totals Package v2.3.2_7 Stored Cross-Site Scripting",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34174",
"datePublished": "2025-09-09T20:02:05.701Z",
"dateReserved": "2025-04-15T19:15:22.567Z",
"dateUpdated": "2025-11-20T12:23:37.606Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-34173 (GCVE-0-2025-34173)
Vulnerability from cvelistv5 – Published: 2025-09-09 19:59 – Updated: 2025-11-20 12:23
VLAI?
Summary
In pfSense CE /usr/local/www/snort/snort_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related characters/strings before being used to check if a file exists. While the contents of the file cannot be read, the server reveals whether a file exists, which allows an attacker to enumerate files on the target. The attacker must be authenticated with at least "WebCfg - Services: Snort package" permissions.
Severity ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Netgate | pfSense CE |
Affected:
4.1.6_25
(custom)
|
Credits
Alex Williams (Pellera Technologies)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34173",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-10T20:18:33.100427Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T20:18:41.304Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Snort",
"product": "pfSense CE",
"repo": "https://github.com/pfsense/FreeBSD-ports/tree/main",
"vendor": "Netgate",
"versions": [
{
"status": "affected",
"version": "4.1.6_25",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netgate:pfsense_plus:4.1.6_25:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alex Williams (Pellera Technologies)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: transparent;\"\u003eIn pfSense CE\u0026nbsp;\u003c/span\u003e\u003ctt\u003e\u003cspan style=\"background-color: transparent;\"\u003e/usr/local/www/snort/snort_ip_reputation.php\u003c/span\u003e\u003c/tt\u003e\u003cspan style=\"background-color: transparent;\"\u003e, the value of the \u003c/span\u003e\u003ctt\u003e\u003cspan style=\"background-color: transparent;\"\u003eiplist\u003c/span\u003e\u003c/tt\u003e\u003cspan style=\"background-color: transparent;\"\u003e parameter is not sanitized of directory traversal-related characters/strings before being used to check if a file exists. While the contents of the file cannot be read, the server reveals whether a file exists, which allows an attacker to enumerate files on the target. The attacker must be authenticated with at least \"WebCfg - Services: Snort package\" permissions.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In pfSense CE\u00a0/usr/local/www/snort/snort_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related characters/strings before being used to check if a file exists. While the contents of the file cannot be read, the server reveals whether a file exists, which allows an attacker to enumerate files on the target. The attacker must be authenticated with at least \"WebCfg - Services: Snort package\" permissions."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T12:23:55.690Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/pfsense/FreeBSD-ports/commit/d6f462bcc446969f8955c16cfde300d5c9ab7435"
},
{
"tags": [
"issue-tracking"
],
"url": "https://redmine.pfsense.org/issues/16412"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/netgate-pf-sense-ce-snort-directory-traversal-information-disclosure"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Netgate pfSense CE Snort package v4.1.6_25 Directory Traversal Information Disclosure",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34173",
"datePublished": "2025-09-09T19:59:14.136Z",
"dateReserved": "2025-04-15T19:15:22.567Z",
"dateUpdated": "2025-11-20T12:23:55.690Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-34172 (GCVE-0-2025-34172)
Vulnerability from cvelistv5 – Published: 2025-09-09 19:43 – Updated: 2025-11-20 12:24
VLAI?
Summary
In pfSense CE /usr/local/www/haproxy/haproxy_stats.php, the value of the showsticktablecontent parameter is displayed after being read from HTTP GET requests. This can enable reflected cross-site scripting when the victim is authenticated.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Netgate | pfSense CE |
Affected:
0.63_10
(custom)
|
Credits
Alex Williams (Pellera Technologies)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34172",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-10T13:54:49.041338Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-10T13:54:57.013Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "HAproxy",
"product": "pfSense CE",
"repo": "https://github.com/pfsense/FreeBSD-ports/tree/main",
"vendor": "Netgate",
"versions": [
{
"status": "affected",
"version": "0.63_10",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netgate:pfsense_plus:0.63_10:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alex Williams (Pellera Technologies)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn pfSense CE\u0026nbsp;\u003c/span\u003e\u003ctt\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e/usr/local/www/haproxy/haproxy_stats.php\u003c/span\u003e\u003c/tt\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e, the value of the \u003c/span\u003e\u003ctt\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eshowsticktablecontent\u003c/span\u003e\u003c/tt\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e parameter is displayed after being read from HTTP GET requests. This can enable reflected cross-site scripting when the victim is authenticated.\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In pfSense CE\u00a0/usr/local/www/haproxy/haproxy_stats.php, the value of the showsticktablecontent parameter is displayed after being read from HTTP GET requests. This can enable reflected cross-site scripting when the victim is authenticated."
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-591 Reflected XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T12:24:05.777Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/pfsense/FreeBSD-ports/commit/04d1328ab077830eb57a24bb7018c812b6358c64"
},
{
"tags": [
"issue-tracking"
],
"url": "https://redmine.pfsense.org/issues/16411"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/netgate-pf-sense-ce-ha-proxy-reflected-xss"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Netgate pfSense CE HAProxy Package 0.63_10 Reflected Cross-Site Scripting",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34172",
"datePublished": "2025-09-09T19:43:30.508Z",
"dateReserved": "2025-04-15T19:15:22.567Z",
"dateUpdated": "2025-11-20T12:24:05.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-53392 (GCVE-0-2025-53392)
Vulnerability from cvelistv5 – Published: 2025-06-28 00:00 – Updated: 2025-06-30 13:32
VLAI?
Summary
In Netgate pfSense CE 2.8.0, the "WebCfg - Diagnostics: Command" privilege allows reading arbitrary files via diag_command.php dlPath directory traversal. NOTE: the Supplier's perspective is that this is intended behavior for this privilege level, and that system administrators are informed through both the product documentation and UI.
Severity ?
5 (Medium)
CWE
- CWE-36 - Absolute Path Traversal
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53392",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-30T13:27:04.222331Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-30T13:32:27.839Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/skraft9/pfsense-security-research"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "pfSense",
"vendor": "Netgate",
"versions": [
{
"status": "affected",
"version": "2.8.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netgate:pfsense:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.8.0",
"versionStartIncluding": "2.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Netgate pfSense CE 2.8.0, the \"WebCfg - Diagnostics: Command\" privilege allows reading arbitrary files via diag_command.php dlPath directory traversal. NOTE: the Supplier\u0027s perspective is that this is intended behavior for this privilege level, and that system administrators are informed through both the product documentation and UI."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-36",
"description": "CWE-36 Absolute Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-28T22:27:49.881Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/skraft9/pfsense-security-research"
}
],
"tags": [
"disputed"
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-53392",
"datePublished": "2025-06-28T00:00:00.000Z",
"dateReserved": "2025-06-28T00:00:00.000Z",
"dateUpdated": "2025-06-30T13:32:27.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29975 (GCVE-0-2023-29975)
Vulnerability from cvelistv5 – Published: 2023-11-09 00:00 – Updated: 2024-09-04 13:53
VLAI?
Summary
An issue discovered in Pfsense CE version 2.6.0 allows attackers to change the password of any user without verification.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:21:44.171Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.esecforte.com/cve-2023-29975-unverified-password-changed/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29975",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T13:52:29.832801Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T13:53:07.278Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in Pfsense CE version 2.6.0 allows attackers to change the password of any user without verification."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-09T21:21:01.880034",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.esecforte.com/cve-2023-29975-unverified-password-changed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-29975",
"datePublished": "2023-11-09T00:00:00",
"dateReserved": "2023-04-07T00:00:00",
"dateUpdated": "2024-09-04T13:53:07.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29974 (GCVE-0-2023-29974)
Vulnerability from cvelistv5 – Published: 2023-11-08 00:00 – Updated: 2024-09-04 19:02
VLAI?
Summary
An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via weak password requirements.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:21:43.161Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.esecforte.com/cve-2023-29974-weak-password-policy/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-29974",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T19:02:30.555844Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-521",
"description": "CWE-521 Weak Password Requirements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T19:02:33.953Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via weak password requirements."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-08T20:22:31.827867",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.esecforte.com/cve-2023-29974-weak-password-policy/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-29974",
"datePublished": "2023-11-08T00:00:00",
"dateReserved": "2023-04-07T00:00:00",
"dateUpdated": "2024-09-04T19:02:33.953Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29973 (GCVE-0-2023-29973)
Vulnerability from cvelistv5 – Published: 2023-10-24 00:00 – Updated: 2024-09-17 13:43
VLAI?
Summary
Pfsense CE version 2.6.0 is vulnerable to No rate limit which can lead to an attacker creating multiple malicious users in firewall.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:21:44.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.esecforte.com/cve-2023-29973-no-rate-limit/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29973",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T15:52:21.909936Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T13:43:23.276Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pfsense CE version 2.6.0 is vulnerable to No rate limit which can lead to an attacker creating multiple malicious users in firewall."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T22:13:18.640509",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.esecforte.com/cve-2023-29973-no-rate-limit/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-29973",
"datePublished": "2023-10-24T00:00:00",
"dateReserved": "2023-04-07T00:00:00",
"dateUpdated": "2024-09-17T13:43:23.276Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-19678 (GCVE-0-2020-19678)
Vulnerability from cvelistv5 – Published: 2023-04-06 00:00 – Updated: 2025-02-12 16:02
VLAI?
Summary
Directory Traversal vulnerability found in Pfsense v.2.1.3 and Pfsense Suricata v.1.4.6 pkg v.1.0.1 allows a remote attacker to obtain sensitive information via the file parameter to suricata/suricata_logs_browser.php.
Severity ?
7.5 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:28.353Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://www.2ngon.com/2015/01/lfi-vulnerability-suricata-146-pkg-v101.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pfsense/pfsense-packages/commit/59ed3438729fd56452f58a0f79f0c288db982ac3"
},
{
"tags": [
"x_transferred"
],
"url": "https://pastebin.com/8dj59053"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-19678",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-12T16:00:06.519802Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T16:02:27.750Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory Traversal vulnerability found in Pfsense v.2.1.3 and Pfsense Suricata v.1.4.6 pkg v.1.0.1 allows a remote attacker to obtain sensitive information via the file parameter to suricata/suricata_logs_browser.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-06T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://www.2ngon.com/2015/01/lfi-vulnerability-suricata-146-pkg-v101.html"
},
{
"url": "https://github.com/pfsense/pfsense-packages/commit/59ed3438729fd56452f58a0f79f0c288db982ac3"
},
{
"url": "https://pastebin.com/8dj59053"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-19678",
"datePublished": "2023-04-06T00:00:00.000Z",
"dateReserved": "2020-08-13T00:00:00.000Z",
"dateUpdated": "2025-02-12T16:02:27.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27100 (GCVE-0-2023-27100)
Vulnerability from cvelistv5 – Published: 2023-03-22 00:00 – Updated: 2025-02-25 21:10
VLAI?
Summary
Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows attackers to bypass brute force protection mechanisms via crafted web requests.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:01:32.502Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.netgate.com/downloads/pfSense-SA-23_05.sshguard.asc"
},
{
"tags": [
"x_transferred"
],
"url": "https://redmine.pfsense.org/issues/13574"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/171791/pfsenseCE-2.6.0-Protection-Bypass.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-27100",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T21:10:08.762346Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T21:10:13.968Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://packetstorm.news/files/id/171791"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows attackers to bypass brute force protection mechanisms via crafted web requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-10T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://docs.netgate.com/downloads/pfSense-SA-23_05.sshguard.asc"
},
{
"url": "https://redmine.pfsense.org/issues/13574"
},
{
"url": "http://packetstormsecurity.com/files/171791/pfsenseCE-2.6.0-Protection-Bypass.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-27100",
"datePublished": "2023-03-22T00:00:00.000Z",
"dateReserved": "2023-02-27T00:00:00.000Z",
"dateUpdated": "2025-02-25T21:10:13.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-40624 (GCVE-0-2022-40624)
Vulnerability from cvelistv5 – Published: 2022-12-20 00:00 – Updated: 2025-04-17 13:50
VLAI?
Summary
pfSense pfBlockerNG through 2.1.4_27 allows remote attackers to execute arbitrary OS commands as root via the HTTP Host header, a different vulnerability than CVE-2022-31814.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:21:46.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.netgate.com/pfsense/en/latest/packages/pfblocker.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/dhammon/pfBlockerNg-RCE"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/dhammon/pfBlockerNg-CVE-2022-40624"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-40624",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T13:50:37.467864Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T13:50:54.301Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pfSense pfBlockerNG through 2.1.4_27 allows remote attackers to execute arbitrary OS commands as root via the HTTP Host header, a different vulnerability than CVE-2022-31814."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-20T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://docs.netgate.com/pfsense/en/latest/packages/pfblocker.html"
},
{
"url": "https://github.com/dhammon/pfBlockerNg-RCE"
},
{
"url": "https://github.com/dhammon/pfBlockerNg-CVE-2022-40624"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-40624",
"datePublished": "2022-12-20T00:00:00.000Z",
"dateReserved": "2022-09-13T00:00:00.000Z",
"dateUpdated": "2025-04-17T13:50:54.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-42247 (GCVE-0-2022-42247)
Vulnerability from cvelistv5 – Published: 2022-10-03 15:31 – Updated: 2024-08-03 13:03
VLAI?
Summary
pfSense v2.5.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the browser.php component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a file name.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:03:45.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/enferas/b4ca7a4fb52e1b5e698f87e4d655a70a"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pfsense/pfsense/commit/73ca6743954ac9f35ca293e3f2af63eac20cf32e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pfSense v2.5.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the browser.php component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a file name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-03T15:31:48",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/enferas/b4ca7a4fb52e1b5e698f87e4d655a70a"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pfsense/pfsense/commit/73ca6743954ac9f35ca293e3f2af63eac20cf32e"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-42247",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "pfSense v2.5.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the browser.php component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a file name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/enferas/b4ca7a4fb52e1b5e698f87e4d655a70a",
"refsource": "MISC",
"url": "https://gist.github.com/enferas/b4ca7a4fb52e1b5e698f87e4d655a70a"
},
{
"name": "https://github.com/pfsense/pfsense/commit/73ca6743954ac9f35ca293e3f2af63eac20cf32e",
"refsource": "MISC",
"url": "https://github.com/pfsense/pfsense/commit/73ca6743954ac9f35ca293e3f2af63eac20cf32e"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-42247",
"datePublished": "2022-10-03T15:31:48",
"dateReserved": "2022-10-03T00:00:00",
"dateUpdated": "2024-08-03T13:03:45.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26019 (GCVE-0-2022-26019)
Vulnerability from cvelistv5 – Published: 2022-03-31 07:21 – Updated: 2024-08-03 04:56
VLAI?
Summary
Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change NTP GPS settings to rewrite existing files on the file system, which may result in arbitrary command execution.
Severity ?
No CVSS data available.
CWE
- Improper Access Control
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pfSense | pfSense CE and pfSense Plus |
Affected:
pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:56:37.518Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN87751554/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.netgate.com/downloads/pfSense-SA-22_01.webgui.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pfSense CE and pfSense Plus",
"vendor": "pfSense",
"versions": [
{
"status": "affected",
"version": "pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change NTP GPS settings to rewrite existing files on the file system, which may result in arbitrary command execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-31T07:21:31",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN87751554/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.netgate.com/downloads/pfSense-SA-22_01.webgui.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-26019",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pfSense CE and pfSense Plus",
"version": {
"version_data": [
{
"version_value": "pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01"
}
]
}
}
]
},
"vendor_name": "pfSense"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change NTP GPS settings to rewrite existing files on the file system, which may result in arbitrary command execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN87751554/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN87751554/index.html"
},
{
"name": "https://docs.netgate.com/downloads/pfSense-SA-22_01.webgui.asc",
"refsource": "MISC",
"url": "https://docs.netgate.com/downloads/pfSense-SA-22_01.webgui.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-26019",
"datePublished": "2022-03-31T07:21:31",
"dateReserved": "2022-03-06T00:00:00",
"dateUpdated": "2024-08-03T04:56:37.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24299 (GCVE-0-2022-24299)
Vulnerability from cvelistv5 – Published: 2022-03-31 07:21 – Updated: 2024-08-03 04:07
VLAI?
Summary
Improper input validation vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change OpenVPN client or server settings to execute an arbitrary command.
Severity ?
No CVSS data available.
CWE
- Improper Input Validation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pfSense | pfSense CE and pfSense Plus |
Affected:
pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:07:02.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN87751554/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.netgate.com/downloads/pfSense-SA-22_03.webgui.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pfSense CE and pfSense Plus",
"vendor": "pfSense",
"versions": [
{
"status": "affected",
"version": "pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change OpenVPN client or server settings to execute an arbitrary command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-31T07:21:07",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN87751554/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.netgate.com/downloads/pfSense-SA-22_03.webgui.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-24299",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pfSense CE and pfSense Plus",
"version": {
"version_data": [
{
"version_value": "pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01"
}
]
}
}
]
},
"vendor_name": "pfSense"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper input validation vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change OpenVPN client or server settings to execute an arbitrary command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN87751554/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN87751554/index.html"
},
{
"name": "https://docs.netgate.com/downloads/pfSense-SA-22_03.webgui.asc",
"refsource": "MISC",
"url": "https://docs.netgate.com/downloads/pfSense-SA-22_03.webgui.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-24299",
"datePublished": "2022-03-31T07:21:07",
"dateReserved": "2022-03-06T00:00:00",
"dateUpdated": "2024-08-03T04:07:02.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20729 (GCVE-0-2021-20729)
Vulnerability from cvelistv5 – Published: 2022-03-31 07:20 – Updated: 2024-08-03 17:53
VLAI?
Summary
Cross-site scripting vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier) allows a remote attacker to inject an arbitrary script via a malicious URL.
Severity ?
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pfSense | pfSense CE and pfSense Plus |
Affected:
pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:21.921Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.netgate.com/downloads/pfSense-SA-21_02.captiveportal.asc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN87751554/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pfSense CE and pfSense Plus",
"vendor": "pfSense",
"versions": [
{
"status": "affected",
"version": "pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier) allows a remote attacker to inject an arbitrary script via a malicious URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-31T07:20:29",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.netgate.com/downloads/pfSense-SA-21_02.captiveportal.asc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN87751554/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20729",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pfSense CE and pfSense Plus",
"version": {
"version_data": [
{
"version_value": "pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier"
}
]
}
}
]
},
"vendor_name": "pfSense"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier) allows a remote attacker to inject an arbitrary script via a malicious URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.netgate.com/downloads/pfSense-SA-21_02.captiveportal.asc",
"refsource": "MISC",
"url": "https://docs.netgate.com/downloads/pfSense-SA-21_02.captiveportal.asc"
},
{
"name": "https://jvn.jp/en/jp/JVN87751554/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN87751554/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20729",
"datePublished": "2022-03-31T07:20:29",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:21.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21132 (GCVE-0-2022-21132)
Vulnerability from cvelistv5 – Published: 2022-03-07 09:00 – Updated: 2024-08-03 02:31
VLAI?
Summary
Directory traversal vulnerability in pfSense-pkg-WireGuard pfSense-pkg-WireGuard 0.1.5 versions prior to 0.1.5_4 and pfSense-pkg-WireGuard 0.1.6 versions prior to 0.1.6_1 allows a remote authenticated attacker to lead a pfSense user to view a file outside the public folder.
Severity ?
No CVSS data available.
CWE
- Directory traversal
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pfSense | pfSense-pkg-WireGuard |
Affected:
pfSense-pkg-WireGuard 0.1.5 versions prior to 0.1.5_4 and pfSense-pkg-WireGuard 0.1.6 versions prior to 0.1.6_1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:31:59.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pfsense/FreeBSD-ports/commits/devel/net/pfSense-pkg-WireGuard"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN85572374/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pfSense-pkg-WireGuard",
"vendor": "pfSense",
"versions": [
{
"status": "affected",
"version": "pfSense-pkg-WireGuard 0.1.5 versions prior to 0.1.5_4 and pfSense-pkg-WireGuard 0.1.6 versions prior to 0.1.6_1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in pfSense-pkg-WireGuard pfSense-pkg-WireGuard 0.1.5 versions prior to 0.1.5_4 and pfSense-pkg-WireGuard 0.1.6 versions prior to 0.1.6_1 allows a remote authenticated attacker to lead a pfSense user to view a file outside the public folder."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-07T09:00:34",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pfsense/FreeBSD-ports/commits/devel/net/pfSense-pkg-WireGuard"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN85572374/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-21132",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pfSense-pkg-WireGuard",
"version": {
"version_data": [
{
"version_value": "pfSense-pkg-WireGuard 0.1.5 versions prior to 0.1.5_4 and pfSense-pkg-WireGuard 0.1.6 versions prior to 0.1.6_1"
}
]
}
}
]
},
"vendor_name": "pfSense"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in pfSense-pkg-WireGuard pfSense-pkg-WireGuard 0.1.5 versions prior to 0.1.5_4 and pfSense-pkg-WireGuard 0.1.6 versions prior to 0.1.6_1 allows a remote authenticated attacker to lead a pfSense user to view a file outside the public folder."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pfsense/FreeBSD-ports/commits/devel/net/pfSense-pkg-WireGuard",
"refsource": "MISC",
"url": "https://github.com/pfsense/FreeBSD-ports/commits/devel/net/pfSense-pkg-WireGuard"
},
{
"name": "https://jvn.jp/en/jp/JVN85572374/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN85572374/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-21132",
"datePublished": "2022-03-07T09:00:34",
"dateReserved": "2022-02-18T00:00:00",
"dateUpdated": "2024-08-03T02:31:59.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41282 (GCVE-0-2021-41282)
Vulnerability from cvelistv5 – Published: 2022-03-01 22:45 – Updated: 2024-08-04 03:08
VLAI?
Summary
diag_routes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection mechanisms against command injection (i.e., the usage of the escapeshellarg function for the arguments) are used, it is still possible to inject sed-specific code and write an arbitrary file in an arbitrary location.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:08:31.835Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.shielder.it/advisories/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.shielder.it/advisories/pfsense-remote-command-execution/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.netgate.com/pfsense/en/latest/releases/22-01_2-6-0.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166208/pfSense-2.5.2-Shell-Upload.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "diag_routes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection mechanisms against command injection (i.e., the usage of the escapeshellarg function for the arguments) are used, it is still possible to inject sed-specific code and write an arbitrary file in an arbitrary location."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-04T18:06:10",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.shielder.it/advisories/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.shielder.it/advisories/pfsense-remote-command-execution/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.netgate.com/pfsense/en/latest/releases/22-01_2-6-0.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/166208/pfSense-2.5.2-Shell-Upload.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-41282",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "diag_routes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection mechanisms against command injection (i.e., the usage of the escapeshellarg function for the arguments) are used, it is still possible to inject sed-specific code and write an arbitrary file in an arbitrary location."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.shielder.it/advisories/",
"refsource": "MISC",
"url": "https://www.shielder.it/advisories/"
},
{
"name": "https://www.shielder.it/advisories/pfsense-remote-command-execution/",
"refsource": "MISC",
"url": "https://www.shielder.it/advisories/pfsense-remote-command-execution/"
},
{
"name": "https://docs.netgate.com/pfsense/en/latest/releases/22-01_2-6-0.html",
"refsource": "MISC",
"url": "https://docs.netgate.com/pfsense/en/latest/releases/22-01_2-6-0.html"
},
{
"name": "http://packetstormsecurity.com/files/166208/pfSense-2.5.2-Shell-Upload.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/166208/pfSense-2.5.2-Shell-Upload.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-41282",
"datePublished": "2022-03-01T22:45:03",
"dateReserved": "2021-09-15T00:00:00",
"dateUpdated": "2024-08-04T03:08:31.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23993 (GCVE-0-2022-23993)
Vulnerability from cvelistv5 – Published: 2022-01-26 18:22 – Updated: 2024-08-03 03:59
VLAI?
Summary
/usr/local/www/pkg.php in pfSense CE before 2.6.0 and pfSense Plus before 22.01 uses $_REQUEST['pkg_filter'] in a PHP echo call, causing XSS.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:59:23.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pfsense/pfsense/commit/5d82cce0d615a76b738798577a28a15803e59aeb"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.netgate.com/downloads/pfSense-SA-22_04.webgui.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "/usr/local/www/pkg.php in pfSense CE before 2.6.0 and pfSense Plus before 22.01 uses $_REQUEST[\u0027pkg_filter\u0027] in a PHP echo call, causing XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-06T20:20:57",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pfsense/pfsense/commit/5d82cce0d615a76b738798577a28a15803e59aeb"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.netgate.com/downloads/pfSense-SA-22_04.webgui.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-23993",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "/usr/local/www/pkg.php in pfSense CE before 2.6.0 and pfSense Plus before 22.01 uses $_REQUEST[\u0027pkg_filter\u0027] in a PHP echo call, causing XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pfsense/pfsense/commit/5d82cce0d615a76b738798577a28a15803e59aeb",
"refsource": "MISC",
"url": "https://github.com/pfsense/pfsense/commit/5d82cce0d615a76b738798577a28a15803e59aeb"
},
{
"name": "https://docs.netgate.com/downloads/pfSense-SA-22_04.webgui.asc",
"refsource": "MISC",
"url": "https://docs.netgate.com/downloads/pfSense-SA-22_04.webgui.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-23993",
"datePublished": "2022-01-26T18:22:26",
"dateReserved": "2022-01-26T00:00:00",
"dateUpdated": "2024-08-03T03:59:23.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-26693 (GCVE-0-2020-26693)
Vulnerability from cvelistv5 – Published: 2021-06-01 14:30 – Updated: 2024-08-04 15:56
VLAI?
Summary
A stored cross-site scripting (XSS) vulnerability was discovered in pfSense 2.4.5-p1 which allows an authenticated attacker to execute arbitrary web scripts via exploitation of the load_balancer_monitor.php function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:56:05.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pfsense/pfsense/commit/a220a22a8c05c10a7b875ac6b565f2c4fe7b251c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability was discovered in pfSense 2.4.5-p1 which allows an authenticated attacker to execute arbitrary web scripts via exploitation of the load_balancer_monitor.php function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-01T14:30:04",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pfsense/pfsense/commit/a220a22a8c05c10a7b875ac6b565f2c4fe7b251c"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-26693",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stored cross-site scripting (XSS) vulnerability was discovered in pfSense 2.4.5-p1 which allows an authenticated attacker to execute arbitrary web scripts via exploitation of the load_balancer_monitor.php function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pfsense/pfsense/commit/a220a22a8c05c10a7b875ac6b565f2c4fe7b251c",
"refsource": "MISC",
"url": "https://github.com/pfsense/pfsense/commit/a220a22a8c05c10a7b875ac6b565f2c4fe7b251c"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-26693",
"datePublished": "2021-06-01T14:30:04",
"dateReserved": "2020-10-07T00:00:00",
"dateUpdated": "2024-08-04T15:56:05.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27933 (GCVE-0-2021-27933)
Vulnerability from cvelistv5 – Published: 2021-04-28 06:30 – Updated: 2024-08-03 21:33
VLAI?
Summary
pfSense 2.5.0 allows XSS via the services_wol_edit.php Description field.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:16.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210427 XSS stored in PFSense 2.5.0 CVE-2021-27933",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Apr/61"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pfSense 2.5.0 allows XSS via the services_wol_edit.php Description field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-28T06:30:59",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20210427 XSS stored in PFSense 2.5.0 CVE-2021-27933",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Apr/61"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27933",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "pfSense 2.5.0 allows XSS via the services_wol_edit.php Description field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210427 XSS stored in PFSense 2.5.0 CVE-2021-27933",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Apr/61"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27933",
"datePublished": "2021-04-28T06:30:59",
"dateReserved": "2021-03-03T00:00:00",
"dateUpdated": "2024-08-03T21:33:16.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18667 (GCVE-0-2019-18667)
Vulnerability from cvelistv5 – Published: 2019-11-02 15:07 – Updated: 2024-08-05 01:54
VLAI?
Summary
/usr/local/www/freeradius_view_config.php in the freeradius3 package before 0.15.7_3 for pfSense on FreeBSD allows a user with an XSS payload as password or username to execute arbitrary javascript code on a victim browser.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:54:14.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pfsense/FreeBSD-ports/commit/30b22b6b0db7b73732a5da346afca66dc244e02a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "/usr/local/www/freeradius_view_config.php in the freeradius3 package before 0.15.7_3 for pfSense on FreeBSD allows a user with an XSS payload as password or username to execute arbitrary javascript code on a victim browser."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-04T20:42:42",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pfsense/FreeBSD-ports/commit/30b22b6b0db7b73732a5da346afca66dc244e02a"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18667",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "/usr/local/www/freeradius_view_config.php in the freeradius3 package before 0.15.7_3 for pfSense on FreeBSD allows a user with an XSS payload as password or username to execute arbitrary javascript code on a victim browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pfsense/FreeBSD-ports/commit/30b22b6b0db7b73732a5da346afca66dc244e02a",
"refsource": "MISC",
"url": "https://github.com/pfsense/FreeBSD-ports/commit/30b22b6b0db7b73732a5da346afca66dc244e02a"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18667",
"datePublished": "2019-11-02T15:07:51",
"dateReserved": "2019-11-02T00:00:00",
"dateUpdated": "2024-08-05T01:54:14.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10709 (GCVE-0-2016-10709)
Vulnerability from cvelistv5 – Published: 2018-01-22 04:00 – Updated: 2024-08-06 03:30
VLAI?
Summary
pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:30:20.167Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.rapid7.com/db/modules/exploit/unix/http/pfsense_graph_injection_exec"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.security-assessment.com/files/documents/advisory/pfsenseAdvisory.pdf"
},
{
"name": "39709",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/39709/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.pfsense.org/security/advisories/pfSense-SA-16_01.webgui.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a \u0027|\u0027 character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-22T03:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.rapid7.com/db/modules/exploit/unix/http/pfsense_graph_injection_exec"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.security-assessment.com/files/documents/advisory/pfsenseAdvisory.pdf"
},
{
"name": "39709",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/39709/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.pfsense.org/security/advisories/pfSense-SA-16_01.webgui.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10709",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a \u0027|\u0027 character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.rapid7.com/db/modules/exploit/unix/http/pfsense_graph_injection_exec",
"refsource": "MISC",
"url": "https://www.rapid7.com/db/modules/exploit/unix/http/pfsense_graph_injection_exec"
},
{
"name": "https://www.security-assessment.com/files/documents/advisory/pfsenseAdvisory.pdf",
"refsource": "MISC",
"url": "https://www.security-assessment.com/files/documents/advisory/pfsenseAdvisory.pdf"
},
{
"name": "39709",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39709/"
},
{
"name": "https://www.pfsense.org/security/advisories/pfSense-SA-16_01.webgui.asc",
"refsource": "MISC",
"url": "https://www.pfsense.org/security/advisories/pfSense-SA-16_01.webgui.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-10709",
"datePublished": "2018-01-22T04:00:00",
"dateReserved": "2018-01-21T00:00:00",
"dateUpdated": "2024-08-06T03:30:20.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4694 (GCVE-0-2014-4694)
Vulnerability from cvelistv5 – Published: 2014-07-02 10:00 – Updated: 2024-08-06 11:27
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in suricata_select_alias.php in the Suricata package before 1.0.6 for pfSense through 2.1.4 allow remote attackers to inject arbitrary web script or HTML via unspecified variables.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:36.891Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pfsense.org/security/advisories/pfSense-SA-14_13.packages.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in suricata_select_alias.php in the Suricata package before 1.0.6 for pfSense through 2.1.4 allow remote attackers to inject arbitrary web script or HTML via unspecified variables."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-07-02T04:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pfsense.org/security/advisories/pfSense-SA-14_13.packages.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4694",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in suricata_select_alias.php in the Suricata package before 1.0.6 for pfSense through 2.1.4 allow remote attackers to inject arbitrary web script or HTML via unspecified variables."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pfsense.org/security/advisories/pfSense-SA-14_13.packages.asc",
"refsource": "CONFIRM",
"url": "https://pfsense.org/security/advisories/pfSense-SA-14_13.packages.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-4694",
"datePublished": "2014-07-02T10:00:00",
"dateReserved": "2014-06-28T00:00:00",
"dateUpdated": "2024-08-06T11:27:36.891Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4696 (GCVE-0-2014-4696)
Vulnerability from cvelistv5 – Published: 2014-07-02 10:00 – Updated: 2024-08-06 11:27
VLAI?
Summary
Multiple open redirect vulnerabilities in the Suricata package before 1.0.6 for pfSense through 2.1.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the referer parameter to suricata_rules_flowbits.php or (2) the returl parameter to suricata_select_alias.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:36.855Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pfsense.org/security/advisories/pfSense-SA-14_13.packages.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple open redirect vulnerabilities in the Suricata package before 1.0.6 for pfSense through 2.1.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the referer parameter to suricata_rules_flowbits.php or (2) the returl parameter to suricata_select_alias.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-07-02T04:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pfsense.org/security/advisories/pfSense-SA-14_13.packages.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4696",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple open redirect vulnerabilities in the Suricata package before 1.0.6 for pfSense through 2.1.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the referer parameter to suricata_rules_flowbits.php or (2) the returl parameter to suricata_select_alias.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pfsense.org/security/advisories/pfSense-SA-14_13.packages.asc",
"refsource": "CONFIRM",
"url": "https://pfsense.org/security/advisories/pfSense-SA-14_13.packages.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-4696",
"datePublished": "2014-07-02T10:00:00",
"dateReserved": "2014-06-28T00:00:00",
"dateUpdated": "2024-08-06T11:27:36.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4693 (GCVE-0-2014-4693)
Vulnerability from cvelistv5 – Published: 2014-07-02 10:00 – Updated: 2024-08-06 11:27
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Snort package before 3.0.13 for pfSense through 2.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the eng parameter to snort_import_aliases.php or (2) unspecified variables to snort_select_alias.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:36.132Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pfsense.org/security/advisories/pfSense-SA-14_13.packages.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Snort package before 3.0.13 for pfSense through 2.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the eng parameter to snort_import_aliases.php or (2) unspecified variables to snort_select_alias.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-07-02T04:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pfsense.org/security/advisories/pfSense-SA-14_13.packages.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4693",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Snort package before 3.0.13 for pfSense through 2.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the eng parameter to snort_import_aliases.php or (2) unspecified variables to snort_select_alias.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pfsense.org/security/advisories/pfSense-SA-14_13.packages.asc",
"refsource": "CONFIRM",
"url": "https://pfsense.org/security/advisories/pfSense-SA-14_13.packages.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-4693",
"datePublished": "2014-07-02T10:00:00",
"dateReserved": "2014-06-28T00:00:00",
"dateUpdated": "2024-08-06T11:27:36.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4695 (GCVE-0-2014-4695)
Vulnerability from cvelistv5 – Published: 2014-07-02 10:00 – Updated: 2024-08-06 11:27
VLAI?
Summary
Multiple open redirect vulnerabilities in the Snort package before 3.0.13 for pfSense through 2.1.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the referer parameter to snort_rules_flowbits.php or (2) the returl parameter to snort_select_alias.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:36.009Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pfsense.org/security/advisories/pfSense-SA-14_13.packages.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple open redirect vulnerabilities in the Snort package before 3.0.13 for pfSense through 2.1.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the referer parameter to snort_rules_flowbits.php or (2) the returl parameter to snort_select_alias.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-07-02T04:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pfsense.org/security/advisories/pfSense-SA-14_13.packages.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4695",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple open redirect vulnerabilities in the Snort package before 3.0.13 for pfSense through 2.1.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the referer parameter to snort_rules_flowbits.php or (2) the returl parameter to snort_select_alias.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pfsense.org/security/advisories/pfSense-SA-14_13.packages.asc",
"refsource": "CONFIRM",
"url": "https://pfsense.org/security/advisories/pfSense-SA-14_13.packages.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-4695",
"datePublished": "2014-07-02T10:00:00",
"dateReserved": "2014-06-28T00:00:00",
"dateUpdated": "2024-08-06T11:27:36.009Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4197 (GCVE-0-2011-4197)
Vulnerability from cvelistv5 – Published: 2012-01-03 19:00 – Updated: 2024-08-07 00:01
VLAI?
Summary
etc/inc/certs.inc in the PKI implementation in pfSense before 2.0.1 creates each X.509 certificate with a true value for the CA basic constraint, which allows remote attackers to create sub-certificates for arbitrary subjects by leveraging the private key.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:01:51.231Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "51169",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51169"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/bsdperimeter/pfsense/commit/87b4deb2b2dae9013e6aa0fe490d6a5a04a27894"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/bsdperimeter/pfsense/commit/1379d66f11aaf72982a70287b83e24efcd18898e"
},
{
"name": "20111222 [MATTA-2011-001] pfSense x509 Insecure Certificate Creation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2011-12/0152.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.trustmatta.com/advisories/MATTA-2011-001.txt"
},
{
"name": "pfsense-x509-security-bypass(71969)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71969"
},
{
"name": "77982",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/77982"
},
{
"name": "46780",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46780"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-12-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "etc/inc/certs.inc in the PKI implementation in pfSense before 2.0.1 creates each X.509 certificate with a true value for the CA basic constraint, which allows remote attackers to create sub-certificates for arbitrary subjects by leveraging the private key."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "51169",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51169"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/bsdperimeter/pfsense/commit/87b4deb2b2dae9013e6aa0fe490d6a5a04a27894"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/bsdperimeter/pfsense/commit/1379d66f11aaf72982a70287b83e24efcd18898e"
},
{
"name": "20111222 [MATTA-2011-001] pfSense x509 Insecure Certificate Creation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2011-12/0152.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.trustmatta.com/advisories/MATTA-2011-001.txt"
},
{
"name": "pfsense-x509-security-bypass(71969)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71969"
},
{
"name": "77982",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/77982"
},
{
"name": "46780",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46780"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4197",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "etc/inc/certs.inc in the PKI implementation in pfSense before 2.0.1 creates each X.509 certificate with a true value for the CA basic constraint, which allows remote attackers to create sub-certificates for arbitrary subjects by leveraging the private key."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "51169",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51169"
},
{
"name": "https://github.com/bsdperimeter/pfsense/commit/87b4deb2b2dae9013e6aa0fe490d6a5a04a27894",
"refsource": "CONFIRM",
"url": "https://github.com/bsdperimeter/pfsense/commit/87b4deb2b2dae9013e6aa0fe490d6a5a04a27894"
},
{
"name": "https://github.com/bsdperimeter/pfsense/commit/1379d66f11aaf72982a70287b83e24efcd18898e",
"refsource": "CONFIRM",
"url": "https://github.com/bsdperimeter/pfsense/commit/1379d66f11aaf72982a70287b83e24efcd18898e"
},
{
"name": "20111222 [MATTA-2011-001] pfSense x509 Insecure Certificate Creation",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2011-12/0152.html"
},
{
"name": "https://www.trustmatta.com/advisories/MATTA-2011-001.txt",
"refsource": "MISC",
"url": "https://www.trustmatta.com/advisories/MATTA-2011-001.txt"
},
{
"name": "pfsense-x509-security-bypass(71969)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71969"
},
{
"name": "77982",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/77982"
},
{
"name": "46780",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46780"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4197",
"datePublished": "2012-01-03T19:00:00",
"dateReserved": "2011-10-26T00:00:00",
"dateUpdated": "2024-08-07T00:01:51.231Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}