Arbitrary Command Execution via Improper Access Control in pfSense CE and pfSense Plus

CVE-2022-26019 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

An improper access control vulnerability in pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01 allows a remote attacker who has the privilege to change NTP GPS settings to rewrite existing files on the file system, which may result in arbitrary command execution.
