Intrusion Prevention

Description

This indicates an attack attempt against a remote command execution vulnerability in Electric Sheep Fencing (ESF) pfSense.
The vulnerability is due to improper validation of the graph HTTP parameter by status_rrd_graph_img.php. A remote attacker can exploit this to execute arbitrary commands via a crafted HTTP request.

Affected Products

Electric Sheep Fencing pfSense prior to 2.3

Impact

System Compromise: Remote attackers can execute arbitrary commands with root privileges.

Recommended Actions

Upgrade to the latest version, available from the website.

Other References

39709
PFSENSE-SA-16_01