Netgate pfSense vulnerabilities

51 known vulnerabilities affecting netgate/pfsense.

Total CVEs: 51
CISA KEV: 0
Public exploits: 9
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 17, MEDIUM 31

Vulnerabilities

Page 2 of 3
CVE-2019-16701 | HIGH | CVSS 8.8 | PoC | ≥ 2.3.4, < 2.4.4 | v2.4.4 | 2019-09-25
CWE-78: pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection via a methodCall XML document with a pfsense.exec_php call containing shell metacharacters in a parameter value.
nvd
CVE-2019-12949 | MEDIUM | CVSS 6.1 | v2.4.4 | 2019-06-25
CWE-79: In pfSense 2.4.4-p2 and 2.4.4-p3, if it is possible to trick an authenticated administrator into clicking on a button on a phishing page, an attacker can leverage XSS to upload arbitrary executable code, via diag_command.php and rrd_fetch_json.php (timePeriod parameter), to a server. Then, the remote attacker can run any command with root privileges
nvd
CVE-2019-12585 | CRITICAL | CVSS 9.8 | fixed in 2.4.4 | v2.4.4 | 2019-06-03
CWE-78: Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an Arbitrary Command Execution issue in apcupsd_status.php.
nvd
CVE-2019-12584 | MEDIUM | CVSS 6.1 | fixed in 2.4.4 | v2.4.4 | 2019-06-03
CWE-79: Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an XSS issue in apcupsd_status.php.
nvd
CVE-2019-12347 | MEDIUM | CVSS 6.1 | PoC | v2.4.4 | 2019-05-29
CWE-79: In pfSense 2.4.4-p3, a stored XSS vulnerability occurs when attackers inject a payload into the Name or Description field via an acme_accountkeys_edit.php action. The vulnerability occurs due to input validation errors.
nvd
CVE-2019-11816 | HIGH | CVSS 7.2 | ≤ 2.4.4 | v2.4.4 | 2019-05-20
Incorrect access control in the WebUI in OPNsense before version 19.1.8, and pfsense before 2.4.4-p3 allows remote authenticated users to escalate privileges to administrator via a specially crafted request.
nvd
CVE-2018-20798 | HIGH | CVSS 7.5 | v2.4.4 | 2019-03-01
CWE-732: The expiretable configuration in pfSense 2.4.4_1 establishes block durations that are incompatible with the block durations implemented by sshguard, which might make it easier for attackers to bypass intended access restrictions.
nvd
CVE-2018-20799 | HIGH | CVSS 7.5 | v2.4.4 | 2019-03-01
In pfSense 2.4.4_1, blocking of source IP addresses on the basis of failed HTTPS authentication is inconsistent with blocking of source IP addresses on the basis of failed SSH authentication (the behavior does not match the sshguard documentation), which might make it easier for attackers to bypass intended access restrictions.
nvd
CVE-2018-4020 | HIGH | CVSS 7.2 | v2.4.4 | 2018-12-03
CWE-78: An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated POST requests to the administration web interface. Command
nvd
CVE-2018-4021 | HIGH | CVSS 7.2 | v2.4.4 | 2018-12-03
CWE-78: An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated POST requests to the administration web interface. Command
nvd
CVE-2018-4019 | HIGH | CVSS 7.2 | v2.4.4 | 2018-12-03
CWE-78: An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated POST requests to the administration web interface. Command
nvd
CVE-2018-16055 | HIGH | CVSS 8.8 | fixed in 2.4.4 | 2018-09-26
CWE-78: An authenticated command injection vulnerability exists in status_interfaces.php via dhcp_relinquish_lease() in pfSense before 2.4.4 due to its passing user input from the $_POST parameters "ifdescr" and "ipv" to a shell without escaping the contents of the variables. This allows an authenticated WebGUI user with privileges for the affected page to exe
nvd
CVE-2017-1000479 | HIGH | CVSS 8.8 | PoC | ≤ 2.4.1 | 2018-01-03
CWE-352: pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Frame-Options header is set. This is fixed in 2.4.2-RELEASE. OPNsense, a 2015 fork of pfSense, was not vulnerable since version 16.1.16 released on June 0
nvd
CVE-2015-6509 | MEDIUM | CVSS 4.3 | ≤ 2.2.2 | 2015-08-18
CWE-79: Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) proxypass parameter to system_advanced_misc.php; (2) adaptiveend, (3) adaptivestart, (4) maximumstates, (5) maximumtableentries, or (6) aliasesresolveinterval parameter to system_advanced_firewall.php; (7
nvd
CVE-2015-4029 | MEDIUM | CVSS 4.3 | ≤ 2.2.2 | 2015-08-18
CWE-79: Cross-site scripting (XSS) vulnerability in the WebGUI in pfSense before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the zone parameter in a del action to services_captiveportal_zones.php.
nvd
CVE-2015-6508 | MEDIUM | CVSS 4.3 | ≤ 2.2.2 | 2015-08-18
CWE-79: Cross-site scripting (XSS) vulnerability in pfSense before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the descr parameter in a "new" action to system_authservers.php.
nvd
CVE-2015-6510 | MEDIUM | CVSS 4.3 | ≤ 2.2.2 | 2015-08-18
CWE-79: Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) srctrack, (2) use_mfs_tmp_size, or (3) use_mfs_var_size parameter to system_advanced_misc.php; the (4) port, (5) snaplen, or (6) count parameter to diag_packet_capture.php; the (7) pppoe_resethour, (8) pp
nvd
CVE-2015-6511 | MEDIUM | CVSS 4.3 | ≤ 2.2.2 | 2015-08-18
CWE-79: Cross-site scripting (XSS) vulnerability in pfSense before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the server[] parameter to services_ntpd.php.
nvd
CVE-2015-2295 | MEDIUM | CVSS 6.8 | PoC | ≤ 2.2 | 2015-04-10
CWE-352: Cross-site request forgery (CSRF) vulnerability in system_firmware_restorefullbackup.php in the WebGUI in pfSense before 2.2.1 allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the deletefile parameter.
nvd
CVE-2015-2294 | MEDIUM | CVSS 4.3 | PoC | ≤ 2.2 | 2015-04-01
CWE-79: Multiple cross-site scripting (XSS) vulnerabilities in the WebGUI in pfSense before 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) zone parameter to status_captiveportal.php; (2) if or (3) dragtable parameter to firewall_rules.php; (4) queue parameter in an add action to firewall_shaper.php; (5) id parameter in an edit
nvd