Brandon Stultz of Cisco Talos discovered these vulnerabilities.
Today, Cisco Talos is disclosing a command injection vulnerability in Netgate pfSense system_advanced_misc.php powerd_normal_mode. pfSense is a free and open source firewall and router that also features unified threat management, load balancing, multi WAN, and more.
In accordance with our coordinated disclosure policy, Cisco Talos worked with Netgate to ensure that these issues are resolved and that an update is available for affected customers.
Netgate pfSense system_advanced_misc.php powerd_normal_mode Command Injection Vulnerability (TALOS-2018-0690 / CVE-2018-4019)
This command injection vulnerability in Netgate pfSense is due to lack of sanitization on the "powerd_normal_mode" parameter in POST requests to "system_advanced_misc.php". When processing requests to "/system_advanced_misc.php", Netgate pfSense firewall does not properly sanitize the "powerd_normal_mode" POST parameter.
For more information on this vulnerability, read the full advisory here.
Netgate pfSense system_advanced_misc.php powerd_ac_mode Remote Command Injection Vulnerability (TALOS-2018-0690 / CVE-2018-4020)
A command injection vulnerability in Netgate pfSense exists due to the lack of sanitization on the "powerd_ac_mode" parameter in POST requests to "system_advanced_misc.php". When processing requests to "/system_advanced_misc.php", Netgate pfSense firewall does not properly sanitize the "powerd_ac_mode" POST parameter.
For more information on this vulnerability, read the full advisory here.
Netgate pfSense system_advanced_misc.php powerd_ac_mode Remote Command Injection Vulnerability (TALOS-2018-0690 / CVE-2018-4021)
A command injection vulnerability in Netgate pfSense exists due to the lack of sanitization on the "powerd_battery_mode" parameter in POST requests to "system_advanced_misc.php". When processing requests to "/system_advanced_misc.php", Netgate pfSense firewall does not properly sanitize the "powerd_battery_mode" POST parameter.
For more information on this vulnerability, read the full advisory here.
Cisco Talos tested and confirmed that Netgate pfSense CE 2.4.4-RELEASE is affected by these vulnerabilities.
The following SNORT® rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.
Snort Rules: 48178
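
The check that the three advisories above describe as missing can also be applied to logged or proxied requests. The following is an added example, not code from Talos or Netgate: it flags POST bodies sent to /system_advanced_misc.php whose powerd mode fields fall outside an allowlist. The allowlist is an assumption taken from the mode names and abbreviations in FreeBSD powerd(8), and the sample requests are constructed.

```python
from urllib.parse import parse_qs

# Assumption: mode names and abbreviations documented in FreeBSD powerd(8).
ALLOWED_MODES = {
    "maximum", "minimum", "adaptive", "hiadaptive",
    "max", "min", "adp", "hadp",
}
# The three POST parameters named in the advisories.
POWERD_PARAMS = ("powerd_normal_mode", "powerd_ac_mode", "powerd_battery_mode")
TARGET_PATH = "/system_advanced_misc.php"


def suspicious_powerd_params(method, path, body):
    """Return {param: value} for powerd mode fields that are not allowlisted."""
    if method.upper() != "POST" or path.split("?", 1)[0] != TARGET_PATH:
        return {}
    fields = parse_qs(body)  # URL-decodes each form value
    findings = {}
    for name in POWERD_PARAMS:
        for value in fields.get(name, []):
            if value not in ALLOWED_MODES:
                findings[name] = value
    return findings


# Constructed sample requests (method, path, form-encoded body).
SAMPLE_REQUESTS = [
    ("POST", TARGET_PATH,
     "powerd_ac_mode=hadp&powerd_battery_mode=adp&powerd_normal_mode=hadp"),
    ("POST", TARGET_PATH,
     "powerd_ac_mode=hadp&powerd_battery_mode=adp%3B+echo+constructed-sample"
     "&powerd_normal_mode=hadp"),
    ("GET", "/index.php", ""),
]

if __name__ == "__main__":
    for method, path, body in SAMPLE_REQUESTS:
        hits = suspicious_powerd_params(method, path, body)
        print(method, path, "->", hits if hits else "ok")
```

The same allowlist comparison is what a server-side fix needs before any of these values reaches a shell command.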