vendor:
pfsense
by:
Yann CAM
8,8
CVSS
HIGH
XSS & CSRF Remote root Access
79,352
CWE
Product Name: pfsense
Affected Version From: 2.0.1
Affected Version To: 2.0.1
Patch Exists: YES
Related CWE: N/A
CPE: 2.3:a:pfsense:pfsense:2.0.1
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: FreeBSD
2013
pfSense 2.0.1 XSS & CSRF Remote root Access
pfSense is a free, open source customized distribution of FreeBSD tailored for use as a firewall and router. In version 2.0.1 of the distribution, differents vulnerabilities XSS & CSRF RCE reverse root shell can be used. Potential XSS protected with CSRFMagic with information disclosure is present in the file /usr/local/www/progress.php lines 21-30. Potential CSRF with RCE reverse root shell is present in the file /usr/local/www/diag_command.php lines 28-30.
Mitigation:
It is strongly advised to update to version 2.0.2 available now.
