Netgate.pfSense.system_advanced_misc.php.Command.Injection
Description
This indicates an attack attempt against a remote Command Injection vulnerability in Netgate pfSense.
The vulnerability is due to an improper validation of user-supplied parameters by system_advanced_misc.php. A remote attacker can exploit this to execute arbitrary commands via a crafted HTTP request.
Affected Products
Netgate pfSense 2.4.x prior to 2.4.4-p1
Impact
System Compromise: Remote attackers can execute arbitrary commands with root privileges.
Recommended Actions
Apply the most recent upgrade or patch from the vendor:
https://www.pfsense.org/security/advisories/pfSense-SA-18_09.webgui.asc
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |