Vulnerability category: Firewall
Vulnerability severity:
Vulnerability information
pfSense is an open-source firewall/router based on FreeBSD. pfSense can be deployed as a perimeter firewall, router, wireless access point, DHCP server, DNS server and VPN endpoint.
The WebGUI in pfSense is affected by command-injection vulnerabilities that allow non-admin users to gain increased privileges, read other files, execute commands, or perform other alterations.
Affected Versions:
pfSense prior to version 2.3.1_5
QID detection logic (unauthenticated):
The QID checks for vulnerable versions of pfSense; the pfSense version is retrieved via SNMP.
Vulnerability impact
Successful exploitation of the vulnerabilities leads to privilege escalation.
Solution
For more information, customers are advised to refer to the following advisories:
pfSense-SA-16_07.
pfSense-SA-16_08.
Patch:
The following are links for downloading patches to fix the vulnerabilities: