Lucene search

[email protected]CVE-2023-27253

HistoryMar 17, 2023 - 10:15 p.m.

CVE-2023-27253

2023-03-1722:15:11

CWE-91

[email protected]

web.nvd.nist.gov

cve-2023-27253

command injection

netgate

pfsense

security vulnerability

nvd

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.481 Medium

EPSS

Percentile

97.5%

JSON

A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml.

Affected configurations

NVD

Node

netgatepfsenseMatch2.7.0

CPENameOperatorVersion
netgate:pfsensenetgate pfsenseeq2.7.0

CPE	Name	Operator	Version
netgate:pfsense	netgate pfsense	eq	2.7.0

References

packetstormsecurity.com/files/173487/pfSense-Restore-RRD-Data-Command-Injection.html

github.com/pfsense/pfsense/commit/ca80d18493f8f91b21933ebd6b714215ae1e5e94

redmine.pfsense.org/issues/13935

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.481 Medium

EPSS

Percentile

97.5%

JSON

Related for CVE-2023-27253

prion1 zdt1 packetstorm1 cvelist1 nvd1 osv1 exploitdb1 rapid7blog1