5 matches found

Tenable Nessus
added 2021/02/11 12:0 a.m., 116 views

pfSense < 2.4.5 Multiple Vulnerabilities

According to its self-reported version number, the remote pfSense install is prior to 2.4.5. It is, therefore, affected by multiple vulnerabilities, including the following:

- In pfSense 2.4.4-p2 and 2.4.4-p3, if it is possible to trick an authenticated administrator into clicking on a button on a...

CVSS 9.8, AI score 7.1, EPSS 0.12389
Exploits: 2, References: 12

CNVD
added 2019/09/27 12:0 a.m., 2 views

pfSense Cross-Site Request Forgery Vulnerability (CNVD-2019-43356)

pfSense is open source routing and firewall software, customized and developed on top of FreeBSD. pfSense 2.4.4-p3 has a cross-site request forgery vulnerability in diag_command.php. An attacker can exploit this vulnerability to execute OS commands via the txtCommand or txtRecallBuffer...

CVSS 8.8, AI score 7.3, EPSS 0.56098
Exploits: 4, References: 1

NVD
added 2019/09/26 7:15 p.m., 11 views

CVE-2019-16667

diag_command.php in pfSense 2.4.4-p3 allows CSRF via the txtCommand or txtRecallBuffer field, as demonstrated by executing OS commands. This occurs because csrf_callback() produces a "CSRF token expired" error and a Try Again button when a CSRF token is missing...

CVSS 8.8, AI score 8.7, EPSS 0.56098
Exploits: 4, References: 2

CVE
added 2019/09/26 6:38 p.m., 139 views

CVE-2019-16667

pfSense 2.4.4-p3 is affected by a Cross‑Site Request Forgery vulnerability in diag_command.php. The issue allows CSRF via the txtCommand or txtRecallBuffer fields, with evidence describing exploitation as OS commands being executed due to csrf_callback() returning a “CSRF token expired” error and...

CVSS 8.8, AI score 8.6, EPSS 0.56098
Exploits: 4, References: 2, Affected Software: 1

Cvelist
added 2019/09/26 6:38 p.m., 11 views

CVE-2019-16667

diag_command.php in pfSense 2.4.4-p3 allows CSRF via the txtCommand or txtRecallBuffer field, as demonstrated by executing OS commands. This occurs because csrf_callback() produces a "CSRF token expired" error and a Try Again button when a CSRF token is missing...

AI score 8.7, EPSS 0.56098
Exploits: 4, References: 2