Threat Encyclopedia

Netgate.pfSense.system_advanced_misc.php.Command.Injection

description-logoDescription

This indicates an attack attempt against a remote Command Injection vulnerability in Netgate pfSense.
The vulnerability is due to an improper validation of user-supplied parameters by system_advanced_misc.php. A remote attacker can exploit this to execute arbitrary commands via a crafted HTTP request.

affected-products-logoAffected Products

Netgate pfSense 2.4.x prior to 2.4.4-p1

Impact logoImpact

System Compromise: Remote attackers can execute arbitrary commands with root privileges.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor:
https://www.pfsense.org/security/advisories/pfSense-SA-18_09.webgui.asc

Telemetry logoTelemetry