Input validation, access control bypass and XSS vulnerabilities in the pfSense firewall: Update immediately

Cybersecurity specialists report the detection of multiple vulnerabilities in pfSense, an open source, customized distribution of FreeBSD optimized for use in devices such as firewalls or routers. According to the report, successful exploitation of these flaws would allow threat actors to carry out several dangerous types of attack.

Below are brief descriptions of the reported flaws, along with their CVE identifiers and the scores assigned under the Common Vulnerability Scoring System (CVSS).

CVE-2022-26019: Inadequate access restrictions on services_ntpd_gps.php would allow remote administrators to overwrite existing files on the file system and execute arbitrary code on the compromised system.

The flaw received a CVSS score of 6.3/10.

CVE-2022-24299: Insufficient validation of user-provided input in the data_ciphers parameter on the pages vpn_openvpn_server.php and vpn_openvpn_client.php would allow remote users to pass specially crafted input to the vulnerable application, leading to arbitrary command execution on the compromised system.

This is a flaw of medium severity and received a CVSS score of 7.7/10.

CVE-2021-20729: Insufficient sanitization of user-provided data in Captive Portal would allow remote threat actors to execute HTML code and arbitrary scripts in the user's browser in the context of a vulnerable website.

The vulnerability received a CVSS score of 5.3/10 and its successful exploitation would allow remote attackers to carry out cross-site scripting (XSS) attacks.

According to the report, the flaws reside in the following implementations and versions of pfSense:

  • pfSense: 1.0.x – 2.5.2
  • pfSense Plus: 21.02 – 21.05
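
To check a fleet against the ranges listed above, the following added example (not part of the original report and not pfSense project code) labels each firewall by its version string. It assumes version strings of the form 2.5.2-RELEASE, that pfSense Plus is recognizable by its YY.MM numbering, and that patch releases of 21.05 count as inside the listed upper bound; host names and versions in the sample inventory are constructed.

```python
import re

# Affected ranges exactly as listed in the article (inclusive bounds).
AFFECTED = {
    "pfSense": ((1, 0), (2, 5, 2)),
    "pfSense Plus": ((21, 2), (21, 5)),
}
_VERSION_RE = re.compile(r"(\d+(?:\.\d+){1,2})")

def parse_version(text):
    """'2.5.2-RELEASE' -> (2, 5, 2); raises ValueError if no leading x.y[.z]."""
    match = _VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognized version string: {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))

def product_for(version):
    # Assumption: Plus uses YY.MM numbering (21.02 onward), CE uses 1.x/2.x.
    return "pfSense Plus" if version[0] >= 21 else "pfSense"

def is_affected(text):
    version = parse_version(text)
    low, high = AFFECTED[product_for(version)]
    # Truncate to each bound's precision: 1.0.x starts at 1.0, and patch
    # releases such as 21.05.1 fall under the 21.05 bound (assumption).
    return low <= version[:len(low)] and version[:len(high)] <= high

def triage(inventory):
    """Label each host 'affected', 'not listed' or 'unknown' (unparseable)."""
    labels = {}
    for host, text in inventory.items():
        try:
            labels[host] = "affected" if is_affected(text) else "not listed"
        except ValueError:
            labels[host] = "unknown"  # surface it, never assume it is safe
    return labels

# Constructed inventory: host names and version strings are made up.
SAMPLE_INVENTORY = {
    "fw-branch-01": "2.5.2-RELEASE",
    "fw-branch-02": "2.6.0-RELEASE",
    "fw-hq-01": "21.05.2-RELEASE",
    "fw-hq-02": "22.01-RELEASE",
    "fw-lab-01": "custom-build",
}

if __name__ == "__main__":
    for host, label in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {label}")
```

Hosts labelled "unknown" need a manual version check before they can be ruled out.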

While the flaws can be exploited over the Internet by unauthenticated remote threat actors, so far no active exploitation attempts or attack variants related to these reports have been detected. Still, users of affected deployments are encouraged to address the flaws as soon as possible.
