Command Injection Vulnerability in Netgate pfSense v2.7.0's restore_rrddata() Function
CVE-2023-27253 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml.
Learn more about our Cis Benchmark Audit For Pfsense Firewall.