Netgate Pfsense vulnerabilities
51 known vulnerabilities affecting netgate/pfsense.
Total CVEs: 51
CISA KEV: 0
Public exploits: 9
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 17, MEDIUM 31
Vulnerabilities
Page 1 of 3
CVE-2023-27253 | P2 | HIGH | CVSS 8.8 | PoC | v2.7.0 | 2023-03-17 | CWE-91
A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml.
nvd
CVE-2019-16667 | P2 | HIGH | CVSS 8.8 | PoC | v2.4.4 | 2019-09-26 | CWE-352
diag_command.php in pfSense 2.4.4-p3 allows CSRF via the txtCommand or txtRecallBuffer field, as demonstrated by executing OS commands. This occurs because csrf_callback() produces a "CSRF token expired" error and a Try Again button when a CSRF token is missing.
nvd
CVE-2019-16701 | P2 | HIGH | CVSS 8.8 | PoC | ≥ 2.3.4, < 2.4.4 | v2.4.4 | 2019-09-25 | CWE-78
pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection via a methodCall XML document with a pfsense.exec_php call containing shell metacharacters in a parameter value.
nvd
CVE-2017-1000479 | P2 | HIGH | CVSS 8.8 | PoC | ≤ 2.4.1 | 2018-01-03 | CWE-352
pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Frame-Options header is set. This is fixed in 2.4.2-RELEASE. OPNsense, a 2015 fork of pfSense, was not vulnerable since version 16.1.16 released on June 0
nvd
CVE-2015-2295 | P3 | MEDIUM | CVSS 6.8 | PoC | ≤ 2.2 | 2015-04-10 | CWE-352
Cross-site request forgery (CSRF) vulnerability in system_firmware_restorefullbackup.php in the WebGUI in pfSense before 2.2.1 allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the deletefile parameter.
nvd
CVE-2019-12347 | P3 | MEDIUM | CVSS 6.1 | PoC | v2.4.4 | 2019-05-29 | CWE-79
In pfSense 2.4.4-p3, a stored XSS vulnerability occurs when attackers inject a payload into the Name or Description field via an acme_accountkeys_edit.php action. The vulnerability occurs due to input validation errors.
nvd
CVE-2023-42326 | P2 | HIGH | CVSS 8.8 | ≤ 2.7.0 | 2023-11-14 | CWE-77
An issue in Netgate pfSense v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the interfaces_gif_edit.php and interfaces_gre_edit.php components.
nvd
CVE-2023-48123 | P2 | HIGH | CVSS 8.8 | ≤ 2.7.0 | 2023-12-06
An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the packet_capture.php file.
nvd
CVE-2025-12490 | P2 | HIGH | CVSS 8.8 | pfSense 2.8.1, Suricata package 7.0.8_3 | 2025-11-06 | CWE-22
Netgate pfSense CE Suricata Path Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Netgate pfSense. Authentication is required to exploit this vulnerability.
The specific flaw exists within the Suricata package. The issue results from the lack of proper vali
nvd
CVE-2018-4021 | P2 | HIGH | CVSS 7.2 | v2.4.4 | 2018-12-03 | CWE-78
An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated POST requests to the administration web interface. Command
nvd
CVE-2014-4688 | P3 | MEDIUM | CVSS 6.5 | PoC | ≤ 2.1.3 | 2014-07-02
pfSense before 2.1.4 allows remote authenticated users to execute arbitrary commands via (1) the hostname value to diag_dns.php in a Create Alias action, (2) the smartmonemail value to diag_smart.php, or (3) the database value to status_rrd_graph_img.php.
nvd
CVE-2018-4020 | P2 | HIGH | CVSS 7.2 | v2.4.4 | 2018-12-03 | CWE-78
An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated POST requests to the administration web interface. Command
nvd
CVE-2018-4019 | P2 | HIGH | CVSS 7.2 | v2.4.4 | 2018-12-03 | CWE-78
An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated POST requests to the administration web interface. Command
nvd
CVE-2018-16055 | P2 | HIGH | CVSS 8.8 | fixed in 2.4.4 | 2018-09-26 | CWE-78
An authenticated command injection vulnerability exists in status_interfaces.php via dhcp_relinquish_lease() in pfSense before 2.4.4 due to its passing user input from the $_POST parameters "ifdescr" and "ipv" to a shell without escaping the contents of the variables. This allows an authenticated WebGUI user with privileges for the affected page to exe
nvd
CVE-2022-26019 | P2 | HIGH | CVSS 8.8 | fixed in 2.6.0 | 2022-03-31 | CWE-22
Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change NTP GPS settings to rewrite existing files on the file system, which may result in arbitrary command execution.
nvd
CVE-2022-24299 | P3 | HIGH | CVSS 8.8 | fixed in 2.6.0 | 2022-03-31 | CWE-20
Improper input validation vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change OpenVPN client or server settings to execute an arbitrary command.
nvd
CVE-2020-11457 | P3 | MEDIUM | CVSS 5.4 | PoC | fixed in 2.4.5 | 2020-04-01 | CWE-79
pfSense before 2.4.5 has stored XSS in system_usermanager_addprivs.php in the WebGUI via the descr parameter (aka full name) of a user.
nvd
CVE-2019-12585 | P3 | CRITICAL | CVSS 9.8 | fixed in 2.4.4 | v2.4.4 | 2019-06-03 | CWE-78
Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an Arbitrary Command Execution issue in apcupsd_status.php.
nvd
CVE-2015-2294 | P4 | MEDIUM | CVSS 4.3 | PoC | ≤ 2.2 | 2015-04-01 | CWE-79
Multiple cross-site scripting (XSS) vulnerabilities in the WebGUI in pfSense before 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) zone parameter to status_captiveportal.php; (2) if or (3) dragtable parameter to firewall_rules.php; (4) queue parameter in an add action to firewall_shaper.php; (5) id parameter in an edit
nvd
CVE-2019-16915 | P3 | CRITICAL | CVSS 9.8 | fixed in 2.4.4 | v2.4.4 | 2019-09-26 | CWE-22
An issue was discovered in pfSense through 2.4.4-p3. widgets/widgets/picture.widget.php uses the widgetkey parameter directly without sanitization (e.g., a basename call) for a pathname to file_get_contents or file_put_contents.
nvd