4 matches found
pfSense 2.4.x < 2.4.4-p1 Multiple Vulnerabilities (SA-18_09)
According to its self-reported version number, the remote pfSense install is a version 2.4.x prior to 2.4.4-p1. It is, therefore, affected by multiple vulnerabilities, including the following: - An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE...
CVE-2018-4019
creationtimestamp| type| source ---|---|--- 2018-12-06 17:58:41+00:00| seen| MISP/5c096266-ed20-42e5-a389-515d0a021402 2022-01-28 05:51:53+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/125...
CVE-2018-4019
Netgate pfSense CE 2.4.4-RELEASE is affected by three remote command-injection vulnerabilities in the POST handling of system_advanced_misc.php (powerd_normal_mode, powerd_ac_mode, powerd_battery_mode). An attacker must authenticate to the pfSense web admin interface to exploit these via crafted ...
Netgate pfSense system_advanced_misc.php multiple remote command injection vulnerabilities
Summary Three exploitable command injection vulnerabilities exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send...