Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2015 Greenbone AGOPENVAS:1361412562310105329
HistoryAug 21, 2015 - 12:00 a.m.

pfSense Cross Site Scripting and Cross Site Request Forgery Vulnerabilities

2015-08-2100:00:00
Copyright (C) 2015 Greenbone AG
plugins.openvas.org
32

6 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.88 High

EPSS

Percentile

98.7%

JSON

pfSense is prone to multiple cross-site scripting vulnerabilities and a cross-site request-forgery vulnerability.

# SPDX-FileCopyrightText: 2015 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:pfsense:pfsense";

if (description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.105329");
  script_cve_id("CVE-2015-2294", "CVE-2015-2295");
  script_tag(name:"cvss_base", value:"6.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_version("2023-07-25T05:05:58+0000");

  script_name("pfSense Cross Site Scripting and Cross Site Request Forgery Vulnerabilities");

  script_xref(name:"URL", value:"https://www.pfsense.org/security/advisories/pfSense-SA-15_04.webgui.asc");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/73344");

  script_tag(name:"impact", value:"An attacker may exploit these issues to execute arbitrary script code in the browser of an unsuspecting
user in the context of the affected site, steal cookie-based authentication credentials, perform unauthorized actions, and disclose or modify
sensitive information. Other attacks may also be possible.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"A vulnerability was discovered in the pfSense WebGUI that could lead to arbitrary file deletion.

Insufficient validation of the HTTP request origin and the 'deletefile' HTTP GET parameter in the '/system_firmware_restorefullbackup.php' script
can lead to arbitrary file deletion. A remote attacker can trick a log-in administrator into visiting a malicious page with CSRF exploit and delete
arbitrary files on the target system with root privileges.");

  script_tag(name:"solution", value:"Upgrade to pfSense 2.2.1 or later.");
  script_tag(name:"summary", value:"pfSense is prone to multiple cross-site scripting vulnerabilities and a cross-site request-forgery vulnerability.");
  script_tag(name:"affected", value:"pfSense < 2.2.1");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  script_tag(name:"last_modification", value:"2023-07-25 05:05:58 +0000 (Tue, 25 Jul 2023)");
  script_tag(name:"creation_date", value:"2015-08-21 15:06:51 +0200 (Fri, 21 Aug 2015)");
  script_category(ACT_GATHER_INFO);
  script_family("General");
  script_copyright("Copyright (C) 2015 Greenbone AG");
  script_dependencies("gb_pfsense_detect.nasl");
  script_mandatory_keys("pfsense/installed");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if( ! version = get_app_version( cpe:CPE, nofork:TRUE ) ) exit( 0 );

if( version_is_less( version:version, test_version:"2.2.1" ) )
{
  report = 'Installed version: ' + version + '\n' +
           'Fixed version:     2.2.1';
  security_message( port:0, data:report );
  exit( 0 );
}

exit( 99 );

Related

securityvulns 2
htbridge 1
nessus 1
exploitpack 1
packetstorm 1
exploitdb 1
kaspersky 1
cve 2
zdt 1
checkpoint_advisories 2
prion 2
securityvulns
securityvulns
Arbitrary file deletion and multiple XSS vulnerabilities in pfSense
2015-05-11 00:00:00
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2015-05-11 00:00:00
htbridge
htbridge
Arbitrary file deletion and multiple XSS vulnerabilities in pfSense
2015-03-04 00:00:00
nessus
nessus
pfSense < 2.2.1 Multiple Vulnerabilities (SA-15_02 - SA-15_04)
2018-01-31 00:00:00
exploitpack
exploitpack
pfSense 2.2 - Multiple Vulnerabilities
2015-03-26 00:00:00
packetstorm
packetstorm
pfSense 2.2 Cross Site Request Forgery / Cross Site Scripting
2015-03-25 00:00:00
exploitdb
exploitdb
pfSense 2.2 - Multiple Vulnerabilities
2015-03-26 00:00:00
kaspersky
kaspersky
KLA10528 Code injection vulnerability in pfsense
2015-04-01 00:00:00
cve
cve
CVE-2015-2295
2015-04-10 15:00:00
CVE-2015-2294
2015-04-01 14:59:00
zdt
zdt
pfSense 2.2 - Multiple Vulnerabilities
2015-03-27 00:00:00
checkpoint_advisories
checkpoint_advisories
ESF pfSense webgui deletefile Directory Traversal (CVE-2015-2295)
2015-05-07 00:00:00
ESF pfSense status_captiveportal Cross Site Scripting (CVE-2015-2294)
2015-04-14 00:00:00
prion
prion
Cross site request forgery (csrf)
2015-04-10 15:00:00
Cross site scripting
2015-04-01 14:59:00

6 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.88 High

EPSS

Percentile

98.7%

JSON
Related for OPENVAS:1361412562310105329
securityvulns2htbridge1nessus1exploitpack1packetstorm1exploitdb1kaspersky1cve2zdt1checkpoint_advisories2prion2