CVE-2014-4689 — Path Traversal in Pfsense

CWE-22 — Path Traversal2 documents2 sources

Severity

5.0MEDIUMNVD

EPSS

0.1%

top 76.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netgate Pfsense

Timeline

PublishedJul 2

Latest updateMay 14

Description

Absolute path traversal vulnerability in pkg_edit.php in pfSense before 2.1.4 allows remote attackers to read arbitrary XML files via a full pathname in the xml parameter.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDnetgate/pfsense2.1.3

🔴Vulnerability Details

GHSA

GHSA-w63g-ppv3-jp39: Absolute path traversal vulnerability in pkg_edit↗2022-05-14

▶