Lucene search

K
cveMitreCVE-2022-31814
HistorySep 05, 2022 - 4:15 p.m.

CVE-2022-31814

2022-09-0516:15:08
CWE-78
mitre
web.nvd.nist.gov
94
14
40
cve-2022-31814
pfsense
pfblockerng
remote code execution
http
security vulnerability

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.971

Percentile

99.8%

pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected.

Affected configurations

Nvd
Node
netgatepfblockerngRange2.1.4_26pfsense
VendorProductVersionCPE
netgatepfblockerng*cpe:2.3:a:netgate:pfblockerng:*:*:*:*:*:pfsense:*:*

Social References

More

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.971

Percentile

99.8%