Vulnerability category: Firewall
Vulnerability severity:
Vulnerability information
pfSense is an open-source firewall/router based on FreeBSD. pfSense can be deployed as a perimeter firewall, router, wireless access point, DHCP server, DNS server and VPN endpoint.
The WebGUI in pfSense is affected by command-injection vulnerabilities that allow non-admin users to gain increased privileges, read other files, execute commands, or perform other alterations.
Affected Versions:
pfSense prior to version 2.3.1_1
QID detection logic (unauthenticated):
The QID checks for vulnerable versions of pfSense (prior to 2.3.1_1). The pfSense version is retrieved via SNMP.
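The version comparison behind a check of this kind, as an added example (not the scanner's or the pfSense project's own code). It assumes the SNMP system description string has already been read; the banner layout and the treatment of `-RELEASE-pN` as equivalent to `_N` are assumptions, and the sample banners are constructed.

```python
import re

# First fixed release named in the advisory: 2.3.1_1 -> (major, minor, patch, update)
FIXED = (2, 3, 1, 1)

# Accepts "2.3.1", "2.3.1_1" and the "-RELEASE-p1" spelling (assumed equivalent to "_1").
_VER = re.compile(r"(?<![\d.])(\d+)\.(\d+)(?:\.(\d+))?(?:-RELEASE)?(?:_(\d+)|-p(\d+))?")


def parse_pfsense_version(banner):
    """Return (major, minor, patch, update), or None if no pfSense version is found."""
    if "pfsense" not in banner.lower():
        return None
    # Drop the underlying FreeBSD version, which uses the same notation.
    head = re.split(r"FreeBSD", banner, flags=re.I)[0]
    m = _VER.search(head)
    if not m:
        return None
    major, minor, patch, upd_a, upd_b = m.groups()
    return (int(major), int(minor), int(patch or 0), int(upd_a or upd_b or 0))


def is_vulnerable(banner):
    """True or False when the version is known, None when it cannot be determined."""
    version = parse_pfsense_version(banner)
    return None if version is None else version < FIXED


# Constructed sample banners (not captured from real devices).
SAMPLES = [
    "pfSense fw.example.test 2.3.1-RELEASE pfSense FreeBSD 10.3-RELEASE-p3 amd64",
    "pfSense fw.example.test 2.3.1-RELEASE-p1 pfSense FreeBSD 10.3-RELEASE-p3 amd64",
    "pfSense 2.2.6",
    "pfSense FreeBSD 10.3-RELEASE-p3",
]

if __name__ == "__main__":
    for banner in SAMPLES:
        print(is_vulnerable(banner), "<-", banner)
```

A `None` result means the version could not be read from the banner and the host should be reported as undetermined, not as patched.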
Vulnerability impact
Successful exploitation of the vulnerabilities leads to privilege escalation.
Solution
For more information, customers are advised to refer to the following advisory:
pfSense-SA-16_05.
Patch:
Following are links for downloading patches to fix the vulnerabilities: