CVE-2023-48123Pfsense vulnerability

3 documents3 sources
Severity
8.8HIGHNVD
EPSS
68.2%
top 1.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Netgate PfsenseNetgate Pfsense Plus
Timeline
PublishedDec 6

Description

An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the packet_capture.php file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDnetgate/pfsense2.7.0

Patches

Patch: github.comPatch: redmine.pfsense.orgPatch: github.com

🔴Vulnerability Details

2
CVEList
CVE-2023-48123: An issue in Netgate pfSense Plus v2023-12-06
GHSA
GHSA-g9j7-3mmj-7gq9: An issue in Netgate pfSense Plus v2023-12-06
CVE-2023-48123 — Netgate Pfsense vulnerability | cvebase