Improper input validation vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change OpenVPN client or server settings to execute an arbitrary command.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HNetgate Pfsense
APPNetgate< 2.6.0Netgate Pfsense Plus
APPNetgate< 22.01
Related vulnerabilities
Cross Site Scripting vulnerability found in Netgate pfSense 2.4.4 and ACME package v.0.6.3 allows attackers to...
Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus so...
An issue was discovered in pfSense through 2.4.4-p3. widgets/widgets/picture.widget.php uses the widgetkey par...
Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an Arbitrary Command Exe...
Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds are vulnerable to command injec...