Patch Released for RCE Vulnerability in pfSense Firewall - SOCRadar (2024)

FAQs

What is the new pfSense vulnerability? ›

pfSense v2. 5.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the browser. php component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a file name.

pfSense CE 2.7. 0 and below, pfSense Plus 23.05. 1 and below are vulnerable to two XSS vulnerabilities and a Command Injection vulnerability (CVE-2023-42325, CVE-2023-42327, CVE-2023-42326). The security vulnerabilities are fixed in pfSense CE 2.7.

The ASD's ACSC is aware of an Unauthenticated Remote Code Execution (RCE) vulnerability (CVE-2024-21762) in Fortinet FortiOS devices. CVE-2024-21762 refers to an out-of-bounds write vulnerability that may allow Unauthenticated RCE via a specially crafted HTTP request.

Challenging web GUI setup and management: Non-expert users may find it challenging to set up and manage the web GUI, particularly when it comes to assigning WAN and LAN interfaces. Limited API and scripting capabilities: Some reviewers have highlighted the lack of an API for making changes in pfSense.

Enhanced Security Monitoring: pfSense, being a powerful open-source firewall and router software, provides robust network security. However, adding Snort enhances security monitoring capabilities by providing an additional layer of defense against intrusions and malicious activities.

The OpenSSL project released version 3.0. 7 on November 1, 2022, to address CVE-2022-3786 and CVE-2022-3602, two high-severity vulnerabilities affecting OpenSSL's 3.0. x version stream discovered and reported by Polar Bear and Viktor Dukhovni.

If you want high customizability and a large support community, pfSense is a good option. If you prioritize an easy-to-use interface and frequent updates, instead, OPNsense may be better. Ultimately, pfSense offers more flexibility for seasoned users, but OPNsense provides a more polished out-of-box experience.

How remote code execution (RCE) attacks work. Remote code execution attacks generally occur via vulnerabilities in web applications and network infrastructure. Remote code execution vulnerabilities are flaws in software that allow an attacker to run malicious code on a target system.

RCE vulnerabilities are highly sought after by malicious actors. Exploiting these vulnerabilities can lead to devastating consequences, including data breaches, system compromises, and the propagation of malware or ransomware.

Can you get RCE from XSS? ›

In this article our security experts Tom and Almas explain how they managed to bypass client and server-side defenses in FortiADC, and turn an allegedly harmless XSS into RCE by optimally utilizing an extremely restricted payload space.

A zero-day vulnerability is unknown to the vendor, and thus there is no patch, mitigation, or fix available to address it. The term “zero-day” refers to the amount of time vendors have to address the flaw before hackers can exploit it.

CISA has added a new security flaw affecting the Linux kernel to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, CVE-2024-1086, allows attackers to elevate their privileges, even allowing the execution of random code.

Remote access: RCE vulnerabilities are commonly used to give an attacker an initial foothold on a corporate network that they could then expand. For example, an RCE vulnerability could allow an attacker to steal login credentials that would allow them network access via a VPN.