pfSense 漏洞列表

diag_routes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection mechanisms against command injection (e.g., the usage of the escapeshellarg function for the arguments) are used, it is still possible to inject sed-specific code and write an arbitrary file in an arbitrary location.

pfSense pfBlockerNG through 2.1.4_26 is susceptible to OS command injection via root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected.

pfSense pfBlockerNG through 2.1.4_27 allows remote attackers to execute arbitrary OS commands as root via the HTTP Host header.

diag_routes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection mechanisms against command injection (e.g., the usage of the escapeshellarg function for the arguments) are used, it is still possible to inject sed-specific code and write an arbitrary file in an arbitrary location.

pfSense pfBlockerNG through 2.1.4_26 is susceptible to OS command injection via root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected.

pfSense pfBlockerNG through 2.1.4_27 allows remote attackers to execute arbitrary OS commands as root via the HTTP Host header.

Netgate pfSense存在跨站脚本漏洞，此漏洞是由于status_logs_filter_dynamic.php接口对用户的请求验证不当造成的。

Netgate PfSense存在命令注入漏洞。此漏洞是由于diag_packet_capture.php对于用户发送的请求缺乏校验导致的。

Netgate pfSense中存在命令注入漏洞。该漏洞是由于对发送到插件pfBlockerNG的HTTP header验证不正确导致的。

pfBlockerNG是一个热门的默认未安装的pfSense插件。通常用于阻止来自整个国家或IP范围的入站连接。其2.1.4_26及以下版本包含该漏洞，攻击者可以通过未经验证的RCE漏洞来实现root访问。

【漏洞对象】pfsense网关防火墙 【漏洞描述】pfsense网关防火墙默认密码，攻击者可修改系统配置，修改防火墙策略，查看流量监控、修改日志等操作，导致网站或者服务器沦陷。