Intrusion Prevention

ESF.pfSense.Graph.PHP.Command.Injection

Description

This indicates an attack attempt against a remote Command Execution vulnerability in ESF pfSense.
The vulnerability is due to an improper validation of graph HTTP parameter by status_rrd_graph_img.php. A remote attacker can exploit this to execute arbitrary commands via a crafted HTTP request.

Affected Products

Electric Sheep Fencing pfSense prior to 2.3

Impact

System Compromise: Remote attackers can execute arbitrary commands with root privileges.

Recommended Actions

Upgrade to the latest version, available from the website.
https://www.pfsense.org/security/advisories/pfSense-SA-16_01.webgui.asc

Other References

39709 PFSENSE- SA-16_01