CVE-2015-2295
Published: 2015-04-10
Priority P3 · 58 · medium · CVSS 2.0 base score 6.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Exploit: public exploit available (see the Exploit-DB and Packet Storm references)
EPSS: 65.93% (99.2nd percentile)
Cross-site request forgery (CSRF) vulnerability in system_firmware_restorefullbackup.php in the WebGUI in pfSense before 2.2.1 allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the deletefile parameter.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| netgate | pfsense | <= 2.2 | 2.2.1 |
Detection & IOCs (extracted from the referenced sources)
- Monitor HTTP GET requests to /system_firmware_restorefullbackup.php that carry the deletefile parameter. A plain backup filename is normal administrator activity on this page; a value containing path traversal sequences (e.g. ../) indicates an arbitrary file deletion attempt.
- Alert on GET or POST requests to /system_firmware_restorefullbackup.php whose Referer or Origin is missing or points outside the firewall's own webGUI host. A CSRF request arrives with the victim administrator's valid session cookie, so it is not unauthenticated; what distinguishes it is the foreign origin. The root cause is the missing request-origin validation on this page, and because the webGUI runs as root the deletion happens with root privileges.
- Caveat: the attack requires an administrator to be logged in to the webGUI and to be lured to a malicious page (or to load attacker-controlled content) while the session is valid. The vector is network-based, but it depends on social engineering of a logged-in admin session.
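The two detection bullets above can be implemented as a single pass over the webGUI access log. The following is an added example, not code from the original page or from the pfSense project: it assumes a combined-format access log with the Referer field appended (the webGUI's web server would need to be configured to log it), assumes the firewall's own hostnames are known (FIREWALL_HOSTS), and runs over constructed sample lines rather than real traffic. It flags every deletefile request to the vulnerable page, escalates on path traversal or on a missing/foreign Referer, and leaves a same-origin deletion of an ordinary backup file at medium so routine cleanup does not page anyone.

```python
"""Detection logic for CVE-2015-2295 style CSRF file deletion (added example).

Assumptions (not from the advisory): access log in combined format with the
Referer appended, and FIREWALL_HOSTS listing the names under which admins
legitimately reach this webGUI.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

TARGET_PATH = "/system_firmware_restorefullbackup.php"
# Assumption: hostnames/IPs of this firewall's own webGUI.
FIREWALL_HOSTS = {"fw.example.internal", "192.0.2.1"}

# Assumed log layout:  ip - user [time] "METHOD target HTTP/x.y" status bytes "referer"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)"'
)
# A ".." path component, with either slash style, anywhere in the value.
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')


def analyse(line):
    """Return a finding dict for a deletefile request to the vulnerable page, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    target = urlsplit(m.group("target"))
    if target.path != TARGET_PATH:
        return None
    params = parse_qs(target.query, keep_blank_values=True)
    if "deletefile" not in params:
        return None
    # parse_qs already percent-decodes once; decode again so a double-encoded
    # "%252e%252e%252f" still shows up as "../" for the traversal check.
    value = unquote(params["deletefile"][0])
    traversal = bool(TRAVERSAL_RE.search(value))

    referer = m.group("referer")
    origin = None if referer in ("", "-") else urlsplit(referer).hostname
    # A deletion the admin clicked inside the GUI carries the firewall's own
    # host in Referer. A missing or foreign Referer on this state-changing GET
    # is the CSRF signature the advisory describes.
    cross_origin = origin not in FIREWALL_HOSTS

    return {
        "ip": m.group("ip"),
        "user": m.group("user"),
        "method": m.group("method"),
        "deletefile": value,
        "traversal": traversal,
        "referer_host": origin,
        "cross_origin": cross_origin,
        "severity": "high" if (cross_origin or traversal) else "medium",
    }


def scan(lines):
    """Run analyse() over an iterable of log lines and keep the hits."""
    return [f for f in (analyse(l) for l in lines) if f]


# Constructed sample lines (not real traffic): a legitimate backup cleanup, a
# CSRF-driven traversal from a lure page, an unrelated request, and an
# encoded traversal with no Referer at all.
SAMPLE_LOG = [
    '192.0.2.50 - admin [10/Apr/2015:10:00:00 +0000] "GET /system_firmware_restorefullbackup.php?deletefile=pfSense-full-backup-2.2-20150401.tgz HTTP/1.1" 200 4112 "https://fw.example.internal/system_firmware_restorefullbackup.php"',
    '192.0.2.50 - admin [10/Apr/2015:10:05:12 +0000] "GET /system_firmware_restorefullbackup.php?deletefile=../../../../conf/config.xml HTTP/1.1" 302 0 "http://attacker.example/lure.html"',
    '192.0.2.50 - admin [10/Apr/2015:10:05:13 +0000] "GET /index.php HTTP/1.1" 200 9981 "https://fw.example.internal/"',
    '192.0.2.77 - admin [10/Apr/2015:11:20:41 +0000] "GET /system_firmware_restorefullbackup.php?deletefile=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 0 "-"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding["severity"].upper(), finding["user"], finding["ip"],
              finding["deletefile"], "cross_origin=%s" % finding["cross_origin"])
```

A missing Referer is deliberately treated as cross-origin rather than benign: a lure page served over HTTPS that embeds an HTTP link to the firewall, or one with a no-referrer policy, produces exactly that, while a click inside the GUI always carries the firewall's own host. If the webGUI sits behind a reverse proxy, put the proxy's public name in FIREWALL_HOSTS as well, otherwise every legitimate deletion will be escalated.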
No detection rules found.
No writeups or analysis indexed.
References
- http://packetstormsecurity.com/files/131022/pfSense-2.2-Cross-Site-Request-Forgery-Cross-Site-Scripting.html
- http://www.securityfocus.com/archive/1/534987/100/0/threaded
- http://www.securityfocus.com/bid/73344
- https://www.exploit-db.com/exploits/36506/
- https://www.htbridge.com/advisory/HTB23251
- https://www.pfsense.org/security/advisories/pfSense-SA-15_04.webgui.asc