Contact us

Solutions

Featured solutions AI Campus and branch Data center WAN Security Service provider Cloud operator Industries

Services

Services

Take me to HPE.com

HTTP: ESF pfSense system_groupmanager.php Command Injection

A command injection vulnerability has been reported in the web console of the ESF pfSense firewall. A remote, authenticated attacker could exploit this vulnerability by sending crafted HTTP requests to the target server. Successful exploitation allows the attacker to execute arbitrary commands under the security context of ROOT.

References

URL: https://www.pfsense.org/security/advisories/pfsense-sa-16_08.webgui.asc

Short Name

HTTP:ESF-PFSENSE-CMD-INJ

Severity

Major

Recommended

True

Recommended Action

Drop

Category

HTTP

Keywords

Command ESF Injection pfSense system_groupmanager.php

Release Date

01/23/2018

Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version

3324

False Positive

Unknown