Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-16667 — Cross-Site Request Forgery in Pfsense

CWE-352 — Cross-Site Request Forgery4 documents4 sources
Severity
8.8HIGHNVD
EPSS
56.1%
top 1.89%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Netgate Pfsense
Timeline
PublishedSep 26
Latest updateMay 24

Description

diag_command.php in pfSense 2.4.4-p3 allows CSRF via the txtCommand or txtRecallBuffer field, as demonstrated by executing OS commands. This occurs because csrf_callback() produces a "CSRF token expired" error and a Try Again button when a CSRF token is missing.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

â–¶NVDnetgate/pfsense2.4.4

🔴Vulnerability Details

2
GHSA
GHSA-4wg3-58cf-qv2h: diag_command↗2022-05-24
â–¶
CVEList
CVE-2019-16667: diag_command↗2019-09-26
â–¶

💥Exploits & PoCs

1
Exploit-DB
pfSense 2.4.4-p3 - Cross-Site Request Forgery↗2020-07-26
â–¶
CVE-2019-16667 — Cross-Site Request Forgery in Pfsense | cvebase