CVE-2014-4696Pfsense vulnerability

3 documents3 sources
Severity
5.8MEDIUMNVD
EPSS
0.0%
top 85.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Netgate PfsensePfsense Suricata Package
Timeline
PublishedJul 2
Latest updateMay 14

Description

Multiple open redirect vulnerabilities in the Suricata package before 1.0.6 for pfSense through 2.1.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the referer parameter to suricata_rules_flowbits.php or (2) the returl parameter to suricata_select_alias.php.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages2 packages

NVDnetgate/pfsense2.1.4+1

🔴Vulnerability Details

2
GHSA
GHSA-xw27-367x-744q: Multiple open redirect vulnerabilities in the Suricata package before 12022-05-14
CVEList
CVE-2014-4696: Multiple open redirect vulnerabilities in the Suricata package before 12014-07-02
CVE-2014-4696 — Netgate Pfsense vulnerability | cvebase