Lucene search
HistoryJul 02, 2014 - 10:35 a.m.
CVE-2014-4688
pfsense
security vulnerability
authenticated users
arbitrary commands
nvd
cve-2014-4688
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
7.2 High
AI Score
Confidence
Low
0.006 Low
EPSS
Percentile
79.4%
pfSense before 2.1.4 allows remote authenticated users to execute arbitrary commands via (1) the hostname value to diag_dns.php in a Create Alias action, (2) the smartmonemail value to diag_smart.php, or (3) the database value to status_rrd_graph_img.php.
Affected configurations
Node
netgatepfsenseRangeβ€2.1.3
| CPE | Name | Operator | Version |
|---|---|---|---|
| netgate:pfsense | netgate pfsense | le | 2.1.3 |
Related
seebug
seebug
PfSenseε½δ»€ζ³¨ε
₯ζΌζ΄
2015-10-10 00:00:00
exploitpack
exploitpack
pfSense 2.1.4 - status_rrd_graph_img.php Command Injection
2018-01-15 00:00:00
cvelist
cvelist
CVE-2014-4688
2014-07-02 10:00:00
nvd
nvd
CVE-2014-4688
2014-07-02 10:35:25
zdt
zdt
pfSense < 2.1.4 - status_rrd_graph_img.php Command Injection Exploit
2018-01-15 00:00:00
packetstorm
packetstorm
pfSense 2.1.3 status_rrd_graph_img.php Command Injection
2018-01-15 00:00:00
prion
prion
Code injection
2014-07-02 10:35:00
exploitdb
exploitdb
pfSense < 2.1.4 - 'status_rrd_graph_img.php' Command Injection
2018-01-15 00:00:00
openvas
openvas
pfSense Multiple Vulnerabilities - 01 (Sep 2015)
2015-09-04 00:00:00
nessus
nessus
pfSense < 2.1.4 Multiple Vulnerabilities (SA-14_08 - SA-14_12)
2018-01-31 00:00:00
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
7.2 High
AI Score
Confidence
Low
0.006 Low
EPSS
Percentile
79.4%
Related for CVE-2014-4688