Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.PFSENSE_SA-16_02.NASL
HistoryJan 31, 2018 - 12:00 a.m.

pfSense < 2.3 Multiple Vulnerabilities (SA-16_01 - SA-16_02)

2018-01-3100:00:00
This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
98
JSON

According to its self-reported version number, the remote pfSense install is prior to 2.3. It is, therefore, affected by multiple vulnerabilities.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(106499);
  script_version("1.13");
  script_cvs_date("Date: 2019/11/08");

  script_cve_id(
    "CVE-2015-3197",
    "CVE-2015-5300",
    "CVE-2015-7973",
    "CVE-2015-7974",
    "CVE-2015-7975",
    "CVE-2015-7976",
    "CVE-2015-7977",
    "CVE-2015-7978",
    "CVE-2015-7979",
    "CVE-2015-8138",
    "CVE-2015-8139",
    "CVE-2015-8140",
    "CVE-2015-8158",
    "CVE-2016-0702",
    "CVE-2016-0703",
    "CVE-2016-0704",
    "CVE-2016-0705",
    "CVE-2016-0777",
    "CVE-2016-0778",
    "CVE-2016-0797",
    "CVE-2016-0798",
    "CVE-2016-0799",
    "CVE-2016-0800",
    "CVE-2016-1879",
    "CVE-2016-1882",
    "CVE-2016-1885",
    "CVE-2016-10709"
  );
  script_bugtraq_id(
    77312,
    80695,
    80698,
    80704,
    80754,
    81811,
    81814,
    81815,
    81816,
    81959,
    81960,
    81962,
    81963,
    82102,
    82105,
    82237,
    83705,
    83733,
    83743,
    83754,
    83755,
    83763,
    83764
  );
  script_xref(name:"CERT", value:"583776");
  script_xref(name:"CERT", value:"718152");
  script_xref(name:"EDB-ID", value:"39570");
  script_xref(name:"FreeBSD", value:"SA-16:01.sctp");
  script_xref(name:"FreeBSD", value:"SA-16:02.ntp");
  script_xref(name:"FreeBSD", value:"SA-16:05.tcp");
  script_xref(name:"FreeBSD", value:"SA-16:07.openssh");
  script_xref(name:"FreeBSD", value:"SA-16:09.ntp");
  script_xref(name:"FreeBSD", value:"SA-16:11.openssl");
  script_xref(name:"FreeBSD", value:"SA-16:12.openssl");
  script_xref(name:"FreeBSD", value:"SA-16:15.sysarch");

  script_name(english:"pfSense < 2.3 Multiple Vulnerabilities (SA-16_01 - SA-16_02)");
  script_summary(english:"Checks the version of pfSense.");

  script_set_attribute(attribute:"synopsis", value:
"The remote firewall host is affected by multiple
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the remote pfSense
install is prior to 2.3. It is, therefore, affected by multiple
vulnerabilities.");
  script_set_attribute(attribute:"see_also", value:"https://doc.pfsense.org/index.php/2.3_New_Features_and_Changes");
  # https://www.pfsense.org/security/advisories/pfSense-SA-16_01.webgui.asc
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b03b53c4");
  # https://www.pfsense.org/security/advisories/pfSense-SA-16_02.webgui.asc
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b296df96");
  script_set_attribute(attribute:"solution", value:
"Upgrade to pfSense version 2.3 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-0799");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'pfSense authenticated graph status RCE');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/04/01");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/04/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/31");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:pfsense:pfsense");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:bsdperimeter:pfsense");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Firewalls");

  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("pfsense_detect.nbin");
  script_require_keys("Host/pfSense");

  exit(0);
}

include("vcf.inc");
include("vcf_extras.inc");

if (!get_kb_item("Host/pfSense")) audit(AUDIT_HOST_NOT, "pfSense");

app_info = vcf::pfsense::get_app_info();
constraints = [
  { "fixed_version" : "2.3"}
];

vcf::pfsense::check_version_and_report(
  app_info:app_info,
  constraints:constraints,
  severity:SECURITY_HOLE,
  flags:{xss:TRUE}
);
VendorProductVersionCPE
pfsensepfsensecpe:/a:pfsense:pfsense
bsdperimeterpfsensecpe:/a:bsdperimeter:pfsense

References

Related

nessus 50
suse 16
openvas 43
freebsd 2
freebsd_advisory 2
cisco 2
symantec 2
mageia 2
slackware 2
paloalto 2
ibm 43
openwrt 1
arista 1
gentoo 1
aix 2
fedora 1
amazon 3
nodejsblog 1
centos 2
oraclelinux 1
cloudfoundry 1
redhat 6
ubuntu 1
archlinux 2
altlinux 4
debian 1
osv 1
cert 1
f5 1
checkpoint_advisories 1
seebug 1
nessus
nessus
openSUSE Security Update : ntp (openSUSE-2016-578)
2016-05-13 00:00:00
SUSE SLES11 Security Update : ntp (SUSE-SU-2016:1175-1)
2016-05-02 00:00:00
SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2016:1177-1)
2016-05-02 00:00:00
suse
suse
Security update for ntp (important)
2016-04-28 19:09:34
Security update for ntp (important)
2016-05-12 21:07:47
Security update for ntp (important)
2016-04-28 19:13:09
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2016:1175-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:1177-1)
2021-04-19 00:00:00
openSUSE: Security Advisory for ntp (openSUSE-SU-2016:1292-1)
2016-05-17 00:00:00
freebsd
freebsd
ntp -- multiple vulnerabilities
2016-01-20 00:00:00
FreeBSD -- Multiple OpenSSL vulnerabilities
2016-03-10 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-16:09.ntp
2016-01-27 00:00:00
FreeBSD-SA-16:12.openssl
2016-03-10 00:00:00
cisco
cisco
Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: January 2016
2016-01-27 20:00:00
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016
2016-03-02 12:30:00
symantec
symantec
SA113 : January 2016 NTP Security Vulnerabilities
2016-03-03 08:00:00
SA117 : OpenSSL Vulnerabilities 1-Mar-2016
2016-03-07 08:00:00
mageia
mageia
Updated ntp packages fix security vulnerability
2016-01-29 14:02:50
Updated openssl packages fix security vulnerabilities
2016-03-02 21:28:46
slackware
slackware
[slackware-security] ntp
2016-02-23 19:51:20
[slackware-security] openssl
2016-03-03 06:56:40
paloalto
paloalto
NTP Vulnerabilities
2016-08-15 00:00:00
OpenSSL Vulnerabilities
2016-10-18 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in OpenSSL affect PowerKVM
2018-06-18 01:30:44
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Sterling Connect:Express for UNIX (CVE-2016-0800, CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, CVE-2016-0799, CVE-2016-0702, CVE-2016-0703, CVE-2016-0704)
2020-07-24 22:49:37
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Rational Application Developer for WebSphere Software included in Rational Developer for i and Rational Developer for AIX and Linux
2018-08-03 04:23:43
openwrt
openwrt
openssl: Security update (9 CVEs)
2016-03-01 16:52:09
arista
arista
Security Advisory 0018
2016-03-01 00:00:00
gentoo
gentoo
OpenSSL: Multiple vulnerabilities
2016-03-20 00:00:00
aix
aix
Vulnerabilities in NTP affect AIX,Vulnerabilities in NTP affect VIOS
2016-06-08 13:17:48
Multiple vulnerabilities in OpenSSL affect AIX
2016-04-04 11:04:25
fedora
fedora
[SECURITY] Fedora 23 Update: ntp-4.2.6p5-36.fc23
2016-01-30 18:28:19
amazon
amazon
Important: ntp
2016-02-09 13:30:00
Important: openssl
2016-03-10 16:30:00
Important: openssl098e
2016-04-06 14:40:00
nodejsblog
nodejsblog
OpenSSL updates, 1.0.2g and 1.0.1s
2016-02-29 00:00:00
centos
centos
openssl security update
2016-03-01 16:09:29
openssl098e security update
2016-03-09 05:32:33
oraclelinux
oraclelinux
openssl security update
2016-03-01 00:00:00
cloudfoundry
cloudfoundry
USN-2914-1 OpenSSL vulnerabilities | Cloud Foundry
2016-03-24 00:00:00
redhat
redhat
(RHSA-2016:0379) Important: rhev-hypervisor security, bug fix and enhancement update
2016-03-09 00:00:00
(RHSA-2016:0301) Important: openssl security update
2016-03-01 00:00:00
(RHSA-2016:0304) Important: openssl security update
2016-03-01 00:00:00
ubuntu
ubuntu
OpenSSL vulnerabilities
2016-03-01 00:00:00
archlinux
archlinux
lib32-openssl: multiple issues
2016-03-07 00:00:00
openssl: multiple issues
2016-03-07 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl10 version 1.0.2g-alt1
2016-03-01 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.2g-alt1
2016-03-01 00:00:00
Security fix for the ALT Linux 7 package openssl10 version 1.0.1s-alt0.M70P.1
2016-03-02 00:00:00
debian
debian
[SECURITY] [DSA 3500-1] openssl security update
2016-03-01 14:35:09
osv
osv
openssl - security update
2016-03-01 00:00:00
cert
cert
NTP.org ntpd contains multiple vulnerabilities
2016-04-27 00:00:00
f5
f5
SOL95463126 - OpenSSL vulnerabilities CVE-2016-0703 and CVE-2016-0704
2016-03-09 00:00:00
checkpoint_advisories
checkpoint_advisories
Secure Sockets Layer (SSL) Version 2.0 (CVE-2016-0703; CVE-2016-0704; CVE-2016-0800)
2014-03-18 00:00:00
seebug
seebug
Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800)
2016-03-02 00:00:00
JSON
Related for PFSENSE_SA-16_02.NASL
nessus50suse16openvas43freebsd2freebsd_advisory2cisco2symantec2mageia2slackware2paloalto2ibm43openwrt1arista1gentoo1aix2fedora1amazon3nodejsblog1centos2oraclelinux1cloudfoundry1redhat6ubuntu1archlinux2altlinux4debian1osv1cert1f51checkpoint_advisories1seebug1