Lucene search

[email protected]CVE-2022-31814

HistorySep 05, 2022 - 4:15 p.m.

CVE-2022-31814

2022-09-0516:15:08

CWE-78

[email protected]

web.nvd.nist.gov

cve-2022-31814

pfsense

pfblockerng

remote code execution

http

security vulnerability

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.972 High

EPSS

Percentile

99.8%

JSON

pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected.

Affected configurations

NVD

Node

netgatepfblockerngRange≤2.1.4_26pfsense

CPENameOperatorVersion
netgate:pfblockerngnetgate pfblockerngle2.1.4_26

CPE	Name	Operator	Version
netgate:pfblockerng	netgate pfblockerng	le	2.1.4_26

References

packetstormsecurity.com/files/168743/pfSense-pfBlockerNG-2.1.4_26-Shell-Upload.html

packetstormsecurity.com/files/171123/pfBlockerNG-2.1.4_26-Remote-Code-Execution.html

docs.netgate.com/pfsense/en/latest/packages/pfblocker.html

github.com/pfsense/FreeBSD-ports/pull/1169

github.com/pfsense/FreeBSD-ports/pull/1169/commits/071bdcf2d918c3e51cde11cf81fbd9b6f0379d7e

www.ihteam.net/advisory/pfblockerng-unauth-rce-vulnerability/

Social References

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.972 High

EPSS

Percentile

99.8%

JSON

Related for CVE-2022-31814

githubexploit3 cvelist2 nuclei1 packetstorm2 zdt2 prion2 nvd2 vulnrichment1 exploitdb1 rapid7blog1 cve1