4 matches found
pfSense 2.4.x < 2.4.4-p1 Multiple Vulnerabilities (SA-18_09)
According to its self-reported version number, the remote pfSense install is a version 2.4.x prior to 2.4.4-p1. It is, therefore, affected by multiple vulnerabilities, including the following: - An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE...
CVE-2018-4020
creationtimestamp| type| source ---|---|--- 2018-12-06 17:58:41+00:00| seen| MISP/5c096266-ed20-42e5-a389-515d0a021402 2022-01-28 05:51:53+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/125...
CVE-2018-4020
PfSense CE 2.4.4-RELEASE is affected by three command-injection vulnerabilities in POST handlers of system_advanced_misc.php, via powerd_normal_mode, powerd_ac_mode, and powerd_battery_mode parameters. The root cause is improper sanitization of these POST values, allowing an authenticated attacke...
Netgate pfSense system_advanced_misc.php multiple remote command injection vulnerabilities
Summary Three exploitable command injection vulnerabilities exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send...