漏洞类别:Firewall
漏洞等级: 
漏洞信息
pfSense is an open-source firewall/router which based on FreeBSD. pfsense can be deployed as a perimeter firewall, router, wireless access point, DHCP server, DNS server and VPN endpoint.
The WebGUI in pfSense is affected with XSS vulnerabilities.
The WebGUI in pfSense is affected with a brute force login protection weakness.
Affected Versions:
pfSense prior to version 2.3.4-p1
QID detection logic (unauthenticated):
The QID checks for vulnerable versions of pfSense, the version for pfSense is retrieved via SNMP.
漏洞危害
Successful exploitation of the vulnerabilities will allow XSS attacks and gain access to pfSense via brute-forcing.
解决方案
For more information, Customers are advised to refer the following advisories:
pfSense-SA-16_03.
pfSense-SA-16_04.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
文章评论