ESF.pfSense.webgui.deletefile.Directory.Traversal

description-logoDescription

This indicates an attack attempt against a Cross-site request forgery (CSRF) vulnerability in Electric Sheep Fencing pfSense firewall.
The vulnerability is due to insufficient validation of user supplied data in the application. A remote attacker can exploit this by tricking an unsuspecting user into visiting a maliciously crafted link and delete arbitrary files from the affected machine.

affected-products-logoAffected Products

Electric Sheep Fencing pfSense prior to 2.2.1

Impact logoImpact

System Compromise: Remote attackers can delete arbitrary files from vulnerable machine.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://www.pfsense.org/security/advisories/pfSense-SA-15_04.webgui.asc

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)