漏洞类别:Firewall
漏洞等级: 
漏洞信息
pfSense is an open-source firewall/router which based on FreeBSD. pfsense can be deployed as a perimeter firewall, router, wireless access point, DHCP server, DNS server and VPN endpoint.
The WebGUI in pfSense is affected with XSS vulnerabilities.
The filterlog in pfSense is affected with a Denial of Service vulnerability.
Affected Versions:
pfSense prior to version 2.3.1
QID detection logic (unauthenticated):
The QID checks for vulnerable versions of pfSense (prior to 2.3.1), the version for pfSense is retrieved via SNMP.
漏洞危害
Successful exploitation of the vulnerabilities will allow Denial of Service and XSS attacks.
解决方案
For more information, Customers are advised to refer the following advisories:
pfSense-SA-16_03.
pfSense-SA-16_04.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
文章评论