HTTP: Netgate pfSense system_advanced_misc.php Command Injection
This signature detects attempts to exploit a known vulnerability against Netgate pfSense system.e. Successful exploitation results in the execution of arbitrary commands as the root user on the target server.
Extended Description
An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated POST requests to the administration web interface. Command injection is possible in the `powerd_normal_mode` parameter.
Affected Products
Netgate pfsense
References
CVE: CVE-2023-42326
URL: https://www.pfsense.org/security/advisories/pfsense-sa-18_09.webgui.asc https://talosintelligence.com/vulnerability_reports/talos-2018-0690 https://docs.netgate.com/downloads/pfSense-SA-23_11.webgui.asc https://docs.netgate.com/downloads/pfSense-SA-23_10.webgui.asc https://www.sonarsource.com/blog/pfsense-vulnerabilities-sonarcloud/
Short Name
HTTP:CVE-2018-4019-CMD-INJ
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2018-4019 CVE-2023-42326 CVE-2023-48123 Command Injection Netgate pfSense system_advanced_misc.php
Release Date
02/07/2019
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3666
False Positive
Unknown
Vendors
Netgate
CVSS Score
6.5