pfSense CE and pfSense Plus vulnerabilities

3 known vulnerabilities affecting pfsense/pfsense_ce_and_pfsense_plus.

Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 1

Vulnerabilities

CVE-2022-26019 [HIGH, CVSS 8.8] CWE-22
Affected: pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01
Date: 2022-03-31
Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change NTP GPS settings to rewrite existing files on the file system, which may result in arbitrary command execution.
nvd

CVE-2022-24299 [HIGH, CVSS 8.8] CWE-20
Affected: pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01
Date: 2022-03-31
Improper input validation vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change OpenVPN client or server settings to execute an arbitrary command.
nvd

CVE-2021-20729 [MEDIUM, CVSS 6.1] CWE-79
Affected: pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier
Date: 2022-03-31
Cross-site scripting vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier) allows a remote attacker to inject an arbitrary script via a malicious URL.
nvd