Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds are vulnerable to command injection in the OpenVPN widget due to improper sanitization of user-supplied input to the OpenVPN management interface. An authenticated attacker can exploit this vulnerability by injecting arbitrary OpenVPN management commands via the remipp parameter.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HNetgate Pfsense Ce
APPNetgate< 2.8.0Netgate Pfsense Plus
APPNetgate< 25.03
Powiązane podatności
Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus so...
An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v.2.7.0 allows a remote attacker to execu...
An issue in Netgate pfSense v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request t...
Improper input validation vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to ...
Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2....