漏洞类别:Firewall
漏洞等级: 
漏洞信息
pfSense is an open-source firewall/router which based on FreeBSD. pfsense can be deployed as a perimeter firewall, router, wireless access point, DHCP server, DNS server and VPN endpoint.
The WebGUI in pfSense is affected with multiple Cross-Site Scripting vulnerabilities.
Affected Versions:
pfSense prior to version 2.2.5.
QID detection logic (unauthenticated):
The QID checks for vulnerable versions of pfSense (prior to 2.2.5), the version for pfSense is retrieved via SNMP.
漏洞危害
Allows remote attackers to inject arbitrary web script.
解决方案
For more information, Customers are advised to refer the advisroy pfSense-SA-15_08.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
文章评论