Command Injection Vulnerability in Netgate pfSense v2.7.0's restore_rrddata() Function

Command Injection Vulnerability in Netgate pfSense v2.7.0's restore_rrddata() Function

CVE-2023-27253 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml.

Learn more about our Cis Benchmark Audit For Pfsense Firewall.